problem - resycled/boot.com

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Imao sam problem kao i na temi http://www.mycity.rs/Arhiva-Ambulante/Malwarei-na-cistom-Win-u.html, cak mi je bio i blokiran Windows Task Manager.

Obrisao sam C: particiju i instalirao ponovo XP. Posle instalacije sistema particija C: je bila ok a u D: je ostalo sve isto. Iz Registra sam obrisao sve sto ima veze sa "resycled/boot.com", D: se posle toga normalno otvara ali nikako nisam mogao da obrisem autorun.inf. Posle restartovanja PC-a sve se vracalo po starom pa odlucih da instaliram AVG Internet Security 8 koji je nasao fajl kao zarazu i obrisao ga. Iz Registra sam ponovo obrisao sve sto ima veze sa "resycled/boot.com". Uporedno sa tim sam nasao gore navedenu temu i posle zavrsetka skeniranja AVG-a odraio deo sa ComboFix programom. Mislim da je sada sve uredu ali sam ipak skenirao i sa Trend Micro HijackThis programom.

Molio bih vas da pregledate log fajlove i ako ima i dalje neceg da to ocistim a mozda i da ponovo skeniram sa ComboFix-om.




ComboFix log:

ComboFix 08-11-04.02 - AleXa89 2008-11-04 23:44:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.137 [GMT 1:00]
Running from: c:\documents and settings\AleXa89\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-04 18:44 . 2008-11-04 18:44 <DIR> d-------- c:\program files\PSPad editor
2008-11-04 18:44 . 2008-11-04 18:45 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\PSpad
2008-11-04 18:15 . 2008-11-04 18:15 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-04 18:15 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-11-04 18:10 . 2008-11-04 18:15 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-11-04 18:10 . 2008-11-04 18:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-04 18:10 . 2008-11-04 18:10 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\TuneUp Software
2008-11-04 18:06 . 2008-11-04 18:06 <DIR> d-------- c:\program files\RapidShare Plus
2008-11-04 18:03 . 2008-11-04 18:04 314 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-11-04 17:38 . 2008-11-04 18:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-04 17:38 . 2008-11-04 18:04 <DIR> d-------- c:\program files\360desktop
2008-11-04 17:38 . 2008-11-04 17:38 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\360desktop
2008-11-04 16:00 . 2008-11-04 16:00 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-04 16:00 . 2008-11-04 16:00 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-04 15:23 . 2008-11-04 15:23 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-04 15:21 . 2008-11-04 15:21 <DIR> d-------- c:\program files\iolo
2008-11-04 15:21 . 2008-11-04 15:21 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2008-11-04 15:21 . 2008-06-19 18:15 918,368 --a------ c:\windows\system32\Incinerator.dll
2008-11-04 15:21 . 2008-06-16 20:21 29,696 --a------ c:\windows\system32\iolobtdfg.exe
2008-11-04 15:21 . 2008-06-06 17:55 8,704 --a------ c:\windows\system32\smrgdf.exe
2008-11-04 15:09 . 2008-11-04 15:09 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-04 15:09 . 2008-11-04 15:09 74,703 --a------ c:\windows\system32\mfc45.dll
2008-11-04 15:07 . 2008-11-04 15:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-11-04 15:07 . 2008-11-04 15:23 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\iolo
2008-11-04 15:05 . 2008-11-04 15:05 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-04 15:05 . 2008-11-04 15:07 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-04 15:04 . 2008-11-04 15:04 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-04 14:40 . 2008-11-04 15:10 <DIR> d-------- c:\documents and settings\AleXa89\Contacts
2008-11-04 14:39 . 2008-11-04 14:39 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-04 14:38 . 2008-11-04 14:39 <DIR> d-------- c:\program files\Windows Live
2008-11-04 14:38 . 2008-11-04 14:39 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-04 05:06 . 2008-11-04 05:06 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-04 05:03 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-04 05:03 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-04 05:03 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-04 05:03 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-04 05:03 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-04 05:03 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-04 05:03 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-04 05:03 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-04 05:03 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-04 04:59 . 2006-09-25 18:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-04 04:51 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-04 04:51 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-04 04:51 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-04 04:51 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-04 04:43 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-04 04:43 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-04 04:33 . 2007-07-30 20:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-11-04 04:32 . 2008-11-04 04:32 <DIR> d---s---- c:\documents and settings\AleXa89\UserData
2008-11-04 04:18 . 2008-11-04 04:18 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-04 04:10 . 2008-04-14 03:42 221,696 --a--c--- c:\windows\system32\dllcache\seo.dll
2008-11-04 04:09 . 2008-04-14 03:41 562,176 --a--c--- c:\windows\system32\dllcache\fxsst.dll
2008-11-04 04:08 . 2008-04-14 03:42 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 04:07 . 2008-11-04 04:07 <DIR> d-------- c:\windows\system32\xircom
2008-11-04 04:07 . 2008-11-04 04:07 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-04 04:06 . 2008-11-04 04:06 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 03:54 . 2008-04-14 05:34 2,144,487 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 03:46 . 2008-11-04 03:50 <DIR> d-------- c:\windows\system32\scripting
2008-11-04 03:46 . 2008-11-04 03:50 <DIR> d-------- c:\windows\system32\en
2008-11-04 03:46 . 2008-11-04 15:08 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-11-04 03:46 . 2008-11-04 03:46 <DIR> d-------- c:\windows\NLDRV
2008-11-04 03:46 . 2008-11-04 03:51 <DIR> d-------- c:\windows\L2Schemas
2008-11-04 03:43 . 2008-04-13 20:32 4,190,352 --a--c--- c:\windows\system32\dllcache\luna.mst
2008-11-04 02:53 . 2008-11-04 02:53 <DIR> d-------- c:\program files\MagicDisc
2008-11-04 02:53 . 2008-07-28 18:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2008-11-04 02:50 . 2008-11-04 02:51 <DIR> d-------- c:\program files\MagicISO
2008-11-04 02:28 . 2008-11-04 02:28 22 --a------ c:\windows\system32\ati64hl2.stb
2008-11-04 01:48 . 2008-11-04 23:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-04 01:29 . 2008-11-04 16:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-04 01:29 . 2008-11-04 16:25 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-04 01:29 . 2008-11-04 16:25 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-04 01:29 . 2008-11-04 01:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-04 01:28 . 2008-11-04 01:28 <DIR> d-------- c:\program files\AVG
2008-11-04 01:28 . 2008-11-04 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-04 01:20 . 2008-11-04 19:59 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\AVGTOOLBAR
2008-11-04 01:09 . 2007-02-20 17:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-11-04 01:09 . 2007-02-20 17:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-11-04 01:03 . 2004-01-12 01:00 348,160 --a------ c:\windows\system\msvcr71.dll
2008-11-04 00:56 . 2008-11-04 00:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-04 00:43 . 2008-11-04 00:43 348,160 --a------ c:\windows\msvcr71.dll
2008-11-04 00:42 . 2008-11-04 00:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-04 00:22 . 2008-11-04 00:22 <DIR> d-------- c:\program files\7-Zip
2008-11-03 22:38 . 2008-11-03 22:42 <DIR> d-------- c:\program files\YuRecnik
2008-11-03 20:40 . 2008-11-04 05:20 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-03 19:00 . 2008-11-03 19:03 <DIR> d-------- c:\program files\The KMPlayer
2008-11-03 18:08 . 2008-11-04 01:41 16,688 --ah----- c:\windows\system32\mlfcache.dat
2008-11-03 17:48 . 2008-11-03 17:48 <DIR> d-------- c:\program files\Safari
2008-11-03 17:48 . 2008-11-03 17:48 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\Apple Computer
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\program files\Bonjour
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\program files\Apple Software Update
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-03 17:41 . 2008-04-14 06:42 129,536 --a------ c:\windows\system32\ksproxy.ax
2008-11-03 17:41 . 2008-04-14 01:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-11-03 17:41 . 2008-04-14 01:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-03 17:41 . 2008-04-14 06:41 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-03 16:24 . 2008-11-04 14:36 <DIR> d-------- c:\program files\Internet Download Manager
2008-11-03 16:24 . 2008-11-03 17:56 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\IDM
2008-11-03 16:24 . 2008-11-04 23:48 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\DMCache
2008-11-03 15:05 . 2007-07-30 20:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-11-03 15:05 . 2007-07-30 20:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-03 15:05 . 2007-07-30 20:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-03 15:05 . 2007-07-30 20:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-03 15:05 . 2007-07-30 20:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-03 15:05 . 2007-07-30 20:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-03 15:03 . 2008-11-03 15:03 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 00:07 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 18:12 --------- d-----w c:\program files\Unlocker
2008-11-03 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 13:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-03 13:54 --------- d-----w c:\program files\ATI Technologies
2008-11-03 13:53 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 13:46 107,132 ----a-w c:\windows\UninstallFirefox.exe
2008-11-03 13:46 --------- d-----w c:\program files\QuickTime Alternative
2008-11-03 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 13:37 --------- d-----w c:\program files\MSN Messenger
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1235736]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\AleXa89\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-04 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-04 1224984]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 592232]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 592232]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-04 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-04 29208]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-04 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\AleXa89\Application Data\Mozilla\Firefox\Profiles\zp2jrd6r.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 23:48:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-04 23:50:32
ComboFix-quarantined-files.txt 2008-11-04 22:50:18

Pre-Run: 17,795,653,632 bytes free
Post-Run: 17,790,984,192 bytes free

222





Trend Micro HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:26 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\TuneUp Utilities 2008\Integrator.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....5769552233
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6522 bytes



Unapred hvala!


AleXa89

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U postavljenim logovima nema znakova malware-a.

Ostaje ti da deinstaliraš ComboFix ->

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala!!!