Problem - AV software cannot be installed

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

Please, if someone can solve this problem for me.
Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:53, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\USDownloader-Lite\USDownloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsxeqw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w4fb25.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dfsgnf.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [USDownloader] "C:\USDownloader-Lite\USDownloader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7219 bytes
I assume this isn't right; a friend of mine has this problem, he can't install any AV program:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsxeqw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w4fb25.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dfsgnf.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


I'll have to ask you to decide where, and from whom, you want help.

That is, here or on some other forum. If it's going to be here, it goes without saying that you ignore any advice you get anywhere else.


Btw, if the computer is your friend's, why didn't he register on the forum instead of you?

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

I have no idea which forum you're talking about. The guy sent me an email with the log thinking I could help him, but I didn't manage to, since he can't install any AV program. I've read a lot here about how you help people, so I figured I'd post the log and ask you to help; I told him too that I'd post it on this site so we could see whether anything can be done. If it can, thank you; if not, that's fine too.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'm talking about this: http://forum.krstarica.com/showthread.php?t=302867


Can something be done? Probably. I'll gladly help, but your friend needs to register on this forum and write in the thread himself (I don't see why there should be an "intermediary" - that only complicates the whole thing).

If he decides we're going to work on this, the following needs to be done...



Download RootRepeal from one of the following links to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




Unzip RootRepeal.zip into a folder (instructions), then:
double-click RootRepeal.exe;

switch to the Report tab (by clicking the Report button, bottom right);

click the Scan button;

in the window that opens (Select Scan), tick the boxes in front of all items and click OK;

in the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.

When it finishes, the report (log) (which will be saved automatically on the system drive as RootRepeal report date (time).txt) will open in Notepad.


Attach the created report to your post using the Attach file option.

Note: the typical location of the report is C:\RootRepeal report date (time).txt [date (time) - the date and time of the scan].

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

OK, I'll tell him to register. Regards

  • Joined: 23 Feb 2009
  • Posts: 41

Posted: 02 Aug 2009 23:11

No fuss, guys, here's the owner of the problem in person.... :)

Hello everyone!

Apologies to strike for the unpleasantness he had here, and thanks for making the effort to help a person he's barely heard of. I didn't expect our mutual friend to make such a move. Thanks, strike!

Big greetings to you, dr_Bora. I've read a fair number of your posts, as it happens on Krstarica, since that's where I'm somehow used to... and I greatly respect you as a cultured and educated man who knows his job.... that's why I'm glad you replied to strike's post; now I believe the solution to my problem isn't so far off. I'll follow your instructions for RootRepeal (I hope that will solve the problem), and if you want to know anything else about my problem, I'll gladly answer...

Cheers

Update: 02 Aug 2009 23:22

Here's the log, dr_Bora. Thanks for your effort ;)


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
present a number of prompts/notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report isn't complete, use the Attach file option to attach the file C:\ComboFix.txt to your post.

  • Joined: 23 Feb 2009
  • Posts: 41

Posted: 02 Aug 2009 23:55

I was hoping it wouldn't come to ComboFix (I know a little about it, but as far as I know it's resorted to when things are reaaally bad), but what can you do; the important thing is to solve the problem.

OK, thanks, I'm getting to work...

Update: 03 Aug 2009 0:18

Here it is, so I don't write a mile-long text

ComboFix 09-08-01.09 - Administrator 08/03/2009 0:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\Installer\4a143d8.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\Drivers\oyfw.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 10:58 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-02 10:54 . 2009-08-02 10:54 -------- d-----w- c:\program files\Panda Security
2009-08-01 22:20 . 2009-08-01 22:24 -------- d-----w- c:\program files\Trend Micro
2009-08-01 17:49 . 2009-08-01 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-08-01 17:49 . 2009-03-29 02:27 2567629 -c----w- c:\documents and settings\All Users\Application Data\~0\Uniblue RegistryBooster.exe
2009-08-01 17:49 . 2009-08-01 18:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-08-01 13:33 . 2009-08-01 13:33 -------- d-----w- c:\program files\AskBarDis
2009-08-01 13:32 . 2009-08-01 13:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-01 13:32 . 2009-02-15 22:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-01 13:32 . 2009-02-15 22:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-01 13:32 . 2009-08-01 13:32 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-01 13:32 . 2009-08-01 13:32 -------- d-----w- c:\program files\Zone Labs
2009-08-01 13:32 . 2009-02-15 22:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-01 13:28 . 2009-08-01 13:35 -------- d-----w- c:\windows\Internet Logs
2009-08-01 08:02 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 08:02 . 2009-08-01 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 08:02 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 21:50 . 2009-07-31 21:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-31 21:49 . 2009-07-31 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-30 22:25 . 2009-08-01 08:06 -------- d-----w- c:\program files\JDownloader
2009-07-30 22:24 . 2009-07-30 22:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 22:23 . 2009-07-30 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-30 22:23 . 2009-07-30 22:23 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 16:44 . 2009-07-30 16:44 592 ----a-w- c:\windows\chgkey.vbs
2009-07-27 22:03 . 2009-07-27 22:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\FDRLab
2009-07-27 21:59 . 2009-07-31 23:44 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-27 21:52 . 2009-07-31 23:41 -------- d-----w- c:\program files\Common Files\Softwin
2009-07-27 21:42 . 2005-06-29 14:28 188416 ----a-w- c:\windows\system32\NCTVideoFile.dll
2009-07-27 21:42 . 2005-06-01 10:16 778240 ----a-w- c:\windows\system32\NCTAudioCompress2.dll
2009-07-27 21:42 . 2005-05-25 13:24 764416 ----a-w- c:\windows\system32\NCTRMFile.dll
2009-07-27 21:42 . 2005-06-01 10:11 877568 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-07-27 21:42 . 2009-07-27 23:27 -------- d-----w- c:\windows\system32\RMBin
2009-07-27 21:42 . 2006-03-29 12:35 475136 ----a-w- c:\windows\system32\SkinCrafter.dll
2009-07-24 17:09 . 2009-02-07 05:43 24576 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\59xg7pzy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-07-17 20:23 . 2009-08-02 12:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-09 17:34 . 2009-07-09 17:34 -------- d-----w- c:\windows\speech
2009-07-08 07:59 . 2009-07-08 07:59 823296 ----a-w- c:\windows\system32\ppsynthesis.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 13:33 . 2009-08-01 13:35 1318400 ----a-w- c:\windows\Internet Logs\xDBEB.tmp
2009-08-01 13:33 . 2009-08-01 13:35 9216 ----a-w- c:\windows\Internet Logs\xDBEA.tmp
2009-08-01 13:33 . 2009-08-01 13:33 1317376 ----a-w- c:\windows\Internet Logs\xDBE9.tmp
2009-08-01 13:33 . 2009-08-01 13:33 8192 ----a-w- c:\windows\Internet Logs\xDBE8.tmp
2009-08-01 13:33 . 2009-08-01 13:33 8192 ----a-w- c:\windows\Internet Logs\xDBE7.tmp
2009-07-30 22:23 . 2008-10-08 20:48 -------- d-----w- c:\program files\Java
2009-07-29 23:45 . 2009-01-04 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-29 15:33 . 2008-10-09 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-29 15:09 . 2008-10-09 20:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 15:03 . 2009-02-13 17:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-27 21:35 . 2009-04-24 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-24 16:32 . 2008-09-29 22:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-07-24 16:26 . 2008-09-29 22:06 -------- d-----w- c:\program files\DNA
2009-06-29 16:12 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-03 22:56 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 20:49 . 2009-06-11 20:49 -------- d-----w- c:\program files\Common Files\Common Share
2009-06-11 20:49 . 2009-06-11 20:49 -------- d-----w- c:\program files\OJOsoft
2009-06-10 22:13 . 2009-05-13 23:29 -------- d-----w- c:\program files\play2p
2009-06-10 22:13 . 2009-05-13 23:29 -------- d--h--w- c:\program files\InstallJammer Registry
2009-06-10 22:13 . 2009-05-13 23:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\play2p
2009-06-06 12:44 . 2008-10-09 23:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-06-04 21:26 . 2009-04-25 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-03 19:09 . 2004-08-03 22:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-17 17:55 . 2009-05-17 17:55 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-09 18:18 . 2009-05-09 18:18 2228534 ----a-w- c:\documents and settings\Administrator\Application Data\OpenCandy\audacity-win-1.2.6.exe
2009-05-09 16:38 . 2009-02-18 22:09 4762112 ----a-w- c:\windows\system32\NCMedia.dll
2009-05-08 20:42 . 2008-12-09 21:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-05-08 20:42 . 2008-12-09 21:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-24 08:27 . 2008-10-10 21:21 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"USDownloader"="c:\usdownloader-lite\USDownloader.exe" [2008-01-14 528384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 248344]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 1073152]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1179648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-30 226712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 1059208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Trend Micro\\sofro\\sofro.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\ComboFix\\NirCmdC.cfexe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/2/2009 12:58 PM 28544]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 12:11]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 22:22]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 22:22]

2009-08-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\59xg7pzy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:sr:official
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\59xg7pzy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

Ok.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-03 00:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-492894223-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{749ABFD4-CBD5-0C73-A817-894732B448C4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafbhekodbpggbhelc"=hex:6a,61,62,61,69,63,62,6d,6f,6c,66,6a,61,6e,6b,70,64,70,
6f,6b,00,00
"hapbndneodibkpng"=hex:6a,61,62,61,69,63,62,6d,6f,6c,66,6a,61,6e,6b,70,64,70,
6f,6b,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(7956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2009-08-02 0:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 22:14

Pre-Run: 23,263,162,368 bytes free
Post-Run: 22,950,428,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
259 --- E O F --- 2009-08-01 01:00

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This doesn't look good.

A variant of Sality is active here; it's a virus (file infector).
To disinfect a virus you need to use an antivirus program - the problem is that disinfection is practically impossible from a running Windows.


There are three options:

1. formatting the disk and installing Windows.

If your hard disk is split into several partitions, you can move everything that matters to you onto one of them, format the C: drive and install Windows.
Immediately after that, all remaining partitions would need to be scanned.

2. you could try disinfecting using a LiveCD from one of the AV companies. That involves downloading the image, burning it to a CD, booting from that CD and scanning.

3. you could move your HDD into another computer and scan it there.


I realise this doesn't sound great to you, but... Disinfecting an active Sality really is mission impossible.


Let me know what you've decided so I can point you to the appropriate programs.
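The ComboFix output earlier in the thread shows the kind of tampering dr_Bora is reading from: Task Manager and regedit disabled by policy in every profile, Security Center alerting overridden, the Windows Firewall switched off, and (in the first HijackThis log) three random-named executables running from the Administrator's Temp folder. The Python script below is an added example written for this page; it is not from the thread, from ComboFix or from HijackThis. It parses log text in those two tools' formats and flags those indicators. The indicator table is the editor's own selection, and the embedded sample is an excerpt of the thread's logs assembled for the example; a hit means "review this", not a Sality verdict.

```python
"""Triage helper for HijackThis / ComboFix log text (added example).

Not part of either tool. Flags registry policy tampering visible in the
"Reg Loading Points" section of a ComboFix log and executables started
from a user's Temp folder in a HijackThis process list.
"""
import re
from dataclasses import dataclass

# Editor's selection (assumption): (key suffix, value name, bad value) -> why.
# Matched case-insensitively against the key paths ComboFix prints.
POLICY_INDICATORS = {
    ("policies\\system", "disabletaskmgr", "1"): "Task Manager disabled by policy",
    ("policies\\system", "disableregistrytools", "1"): "Registry Editor disabled by policy",
    ("policies\\system", "enablelua", "0"): "UAC (EnableLUA) turned off",
    ("security center", "antivirusoverride", "00000001"): "Security Center AV alerting overridden",
    ("security center", "firewalloverride", "00000001"): "Security Center firewall alerting overridden",
    ("security center\\svc", "antivirusdisablenotify", "00000001"): "AV-disabled notifications suppressed",
    ("security center\\svc", "firewalldisablenotify", "00000001"): "Firewall-disabled notifications suppressed",
    ("firewallpolicy\\standardprofile", "enablefirewall", "0"): "Windows Firewall disabled",
}

# %TEMP% in 8.3 or long form, ending in an .exe (the HijackThis process list).
TEMP_EXE = re.compile(r"\\(locals~1|local settings)\\temp\\[^\\]+\.exe\b", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str    # "policy" or "temp_exe"
    where: str   # registry key path or process path
    detail: str


def normalise_value(raw: str) -> str:
    """'1 (0x1)' -> '1'; 'dword:00000001' -> '00000001'; '' -> ''."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return raw[len("dword:"):]
    return raw.split()[0] if raw else ""


def parse_reg_section(text: str) -> dict[str, dict[str, str]]:
    """Return {key_path: {value_name: value}} from REGEDIT4-style output."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_LINE.match(line):
            current = m.group("key")
            keys.setdefault(current, {})
        elif (m := VALUE_LINE.match(line)) and current is not None:
            keys[current][m.group("name")] = normalise_value(m.group("value"))
    return keys


def policy_findings(text: str) -> list[Finding]:
    out: list[Finding] = []
    for key, values in parse_reg_section(text).items():
        key_l = key.lower()
        for (suffix, name, bad), why in POLICY_INDICATORS.items():
            if not key_l.endswith(suffix):
                continue
            for vname, value in values.items():
                if vname.lower() == name and value.lower() == bad:
                    out.append(Finding("policy", key, why))
    return out


def temp_exe_findings(text: str) -> list[Finding]:
    return [Finding("temp_exe", line.strip(), "executable running from a Temp folder")
            for line in text.splitlines() if TEMP_EXE.search(line.strip())]


def triage(text: str) -> list[Finding]:
    return policy_findings(text) + temp_exe_findings(text)


# Constructed sample: lines excerpted from the thread's HijackThis and ComboFix logs.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsxeqw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w4fb25.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dfsgnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}: {f.where}")
```

Run against the sample it reports ten policy hits and three Temp-folder executables. The key-suffix match is deliberate: the same policy values live under HKLM, HKCU and HKEY_USERS\.default, and a cleanup that resets only the current user's hive leaves the others in place.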

  • Joined: 23 Feb 2009
  • Posts: 41

Lucky me...

I have nothing to decide on, because I don't know which of all this is harder for me; actually, I don't care...

It's a laptop that's still under warranty for about 20 more days, if that means anything to you...

Suggest the "least painful" option; I really don't know what to do.

I have C and D partitions...

I have some sort of image on a DVD, but it's not the classic kind; it's something Acronis.... through that....

What do you think is smartest?
