Log check

offline
  • Joined: 28 Feb 2009
  • Posts: 46

It looks like my computer is infected: when I plug in a USB stick, an autorun file appears that I can't delete on my computer in any way; I also tried with USBNoRisk and it doesn't work. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:36, on 4/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\ht1.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8D23642-1423-44E4-A543-7B6AC66011E0}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

--
End of file - 8323 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 28 Feb 2009
  • Posts: 46

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bojan at 14:35:26.07 on Tue 04/06/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.380 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! antivirus 4.8.1368 [VPS 100406-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bojan\My Documents\Downloads\RootRepeal\RootRepeal.exe
C:\Documents and Settings\Bojan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Taskman=c:\documents and settings\bojan\application data\uyofn.exe
uWinlogon: Shell=c:\documents and settings\bojan\csrss.exe,explorer.exe,c:\documents and settings\bojan\application data\uyofn.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\bojan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {A8D23642-1423-44E4-A543-7B6AC66011E0} = 77.105.0.18 77.105.0.19
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bojan\applic~1\mozilla\firefox\profiles\yfhp2ujl.default\
FF - plugin: c:\documents and settings\bojan\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 1\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 1\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 1\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 1\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 1\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-1 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-1 352920]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-7-29 104344]
R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-25 9446]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-7-29 69656]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-7-4 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-7-4 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-8-4 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-04-05 23:04:55 188416 --sh--r- c:\docume~1\bojan\applic~1\uyofn.exe
2010-03-30 06:30:47 0 ----a-w- c:\documents and settings\bojan\Desktop.ini
2010-03-27 15:12:34 112128 --sh--r- c:\documents and settings\bojan\csrss.exe
2010-03-18 18:31:59 0 d-----w- c:\docume~1\bojan\applic~1\AppLauncher
2010-03-12 08:51:28 0 d-----w- c:\program files\SignSIS-GUI

==================== Find3M ====================

2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 14:35:55.29 ===============
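As an added example (not from this thread, and not part of DDS, HijackThis or ComboFix), a small Python checker that applies the two heuristics a helper reading the DDS log above applies by eye: Winlogon Shell/Taskman values that launch programs from a user profile, and files in the "Created Last 30" section that are hidden+system inside a user profile or that reuse a core process name (csrss.exe) outside system32. The sample lines are copied from the log in this thread, with a few benign entries mixed in.

```python
import re

# Constructed sample: lines copied from the DDS log posted in this thread,
# mixed with a few benign entries so the checker has something to ignore.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\documents and settings\bojan\application data\uyofn.exe
uWinlogon: Shell=c:\documents and settings\bojan\csrss.exe,explorer.exe,c:\documents and settings\bojan\application data\uyofn.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
2010-04-05 23:04:55 188416 --sh--r- c:\docume~1\bojan\applic~1\uyofn.exe
2010-03-30 06:30:47 0 ----a-w- c:\documents and settings\bojan\Desktop.ini
2010-03-27 15:12:34 112128 --sh--r- c:\documents and settings\bojan\csrss.exe
2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
"""

# "uWinlogon:" / "mWinlogon:" lines carry the HKCU / HKLM Winlogon values.
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(?P<key>\w+)=(?P<value>.+)$")
# "Created Last 30" lines: date time size attributes path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Core Windows processes that only ever run from the system directory.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
                        "services.exe", "svchost.exe"}


def _in_user_profile(path):
    """True for paths under Documents and Settings (long or 8.3 form)."""
    p = path.lower().strip()
    return p.startswith("c:\\documents and settings\\") or p.startswith("c:\\docume~1\\")


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def check_winlogon(key, value):
    """Findings for one Winlogon value. On a clean XP box Shell is just
    explorer.exe and Taskman is not set at all."""
    findings = []
    k = key.lower()
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if k == "taskman":
        findings.append(f"Winlogon Taskman points to {value.strip()}")
    elif k == "shell":
        for e in entries:
            if _basename(e) != "explorer.exe" or _in_user_profile(e):
                findings.append(f"Winlogon Shell launches {e}")
    return findings


def check_created(attrs, path):
    """Findings for one 'Created Last 30' entry based on attributes and location."""
    findings = []
    a = attrs.lower()
    # --sh--r- style attributes: hidden + system, unusual for a user-profile file
    if "h" in a and "s" in a and _in_user_profile(path):
        findings.append(f"hidden+system file in user profile: {path.strip()}")
    if _basename(path) in SYSTEM_PROCESS_NAMES and "\\system32\\" not in path.lower():
        findings.append(f"system process name outside system32: {path.strip()}")
    return findings


def analyze_dds(text):
    """Scan DDS-style log text; return a list of (line_no, finding) tuples."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = WINLOGON_RE.match(line)
        if m:
            results.extend((n, f) for f in check_winlogon(m["key"], m["value"]))
            continue
        m = CREATED_RE.match(line)
        if m:
            results.extend((n, f) for f in check_created(m["attrs"], m["path"]))
    return results


if __name__ == "__main__":
    for line_no, finding in analyze_dds(SAMPLE_DDS):
        print(f"line {line_no}: {finding}")
```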


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it.
- show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
- present a number of prompts/notifications: accept by clicking Yes or OK.
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 10-04-05.06 - Bojan 04/06/2010 18:26:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.503 [GMT 2:00]
Running from: c:\documents and settings\Bojan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100406-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Bojan\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Bojan\csrss.exe
c:\windows\system32\Dvbpws.dll
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 13:06 . 2010-04-06 13:06 -------- d-----w- C:\452_ides
2010-04-06 13:05 . 2010-04-06 12:50 4001286 ----a-w- C:\452_ides.zip
2010-04-06 12:58 . 2010-04-06 12:58 -------- d-----w- C:\SAV32CLI
2010-04-05 23:04 . 2010-04-05 23:04 188416 --sh--r- c:\documents and settings\Bojan\Application Data\uyofn.exe
2010-04-03 09:37 . 2010-04-03 09:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 09:37 . 2010-04-03 09:37 503808 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\msvcp71.dll
2010-04-03 09:37 . 2010-04-03 09:37 499712 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\jmc.dll
2010-04-03 09:37 . 2010-04-03 09:37 348160 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\msvcr71.dll
2010-04-03 09:37 . 2010-04-03 09:37 12800 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d641655-n\decora-d3d.dll
2010-04-03 09:37 . 2010-04-03 09:37 61440 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d641655-n\decora-sse.dll
2010-03-18 18:32 . 2010-03-18 18:32 667648 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\Data Recovery.exe
2010-03-18 18:32 . 2010-03-18 18:32 53248 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\WinLockDLL.dll
2010-03-18 18:32 . 2010-03-18 18:32 208896 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\Reset.exe
2010-03-18 18:32 . 2010-03-18 18:32 770048 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\MakeBootable.exe
2010-03-18 18:32 . 2010-03-18 18:32 561152 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\PCLock.exe
2010-03-18 18:32 . 2010-03-18 18:32 462848 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\SecretZip.exe
2010-03-18 18:32 . 2010-03-18 18:32 2695168 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\DataSync.exe
2010-03-18 18:32 . 2010-03-18 18:32 1294336 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\LOCK.exe
2010-03-18 18:31 . 2010-03-18 18:32 -------- d-----w- c:\documents and settings\Bojan\Application Data\AppLauncher
2010-03-18 18:31 . 2009-08-10 18:36 7344128 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\AppLauncher.exe
2010-03-12 08:51 . 2010-03-12 09:26 -------- d-----w- c:\program files\SignSIS-GUI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 14:01 . 2009-03-27 13:38 -------- d-----w- c:\documents and settings\Bojan\Application Data\skypePM
2010-04-03 09:35 . 2009-03-29 09:39 -------- d-----w- c:\program files\Java
2010-04-02 17:17 . 2009-02-25 19:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2010-03-29 18:33 . 2009-03-27 13:35 -------- d-----w- c:\documents and settings\Bojan\Application Data\Skype
2010-03-27 15:18 . 2009-02-27 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 02:28 . 2009-03-29 09:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 11:23 . 2010-02-28 11:23 -------- d-----w- c:\documents and settings\Bojan\Application Data\inkscape
2010-02-28 10:44 . 2010-02-28 10:30 -------- d-----w- c:\program files\Inkscape
2010-02-28 10:06 . 2009-03-13 14:13 -------- d-----w- c:\documents and settings\Bojan\Application Data\gtk-2.0
2010-02-28 09:48 . 2010-02-28 09:48 -------- d-----w- c:\program files\GIMP-2.0
2010-02-27 19:43 . 2009-09-12 23:51 -------- d-----w- c:\program files\Google
2010-01-07 15:07 . 2009-02-27 19:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-02-27 19:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-12 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"Google Update"="c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 46592]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-01-28 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-5 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-29 1205840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^ePrompter.lnk]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\ePrompter.lnk
backup=c:\windows\pss\ePrompter.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/1/2009 10:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2009 10:36 20560]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [7/29/2009 20:15 104344]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2/25/2009 23:06 9446]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [7/29/2009 20:15 69656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 21:43 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7/4/2009 10:22 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7/4/2009 10:22 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [8/4/2009 22:47 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uxlyrpod

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-839522115-1003Core.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 19:48]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-839522115-1003UA.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {A8D23642-1423-44E4-A543-7B6AC66011E0} = 77.105.0.18 77.105.0.19
FF - ProfilePath - c:\documents and settings\Bojan\Application Data\Mozilla\Firefox\Profiles\yfhp2ujl.default\
FF - plugin: c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-06 18:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_av_proI.tm~a03940
c:\windows\TEMP\aswUpdSum.ini 110 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2010-04-06 18:37:06
ComboFix-quarantined-files.txt 2010-04-06 16:36

Pre-Run: 6,911,029,248 bytes free
Post-Run: 8,413,163,520 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1AC19B245D5CC7DEF0F2A8AA546B3C02

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

File::
c:\documents and settings\Bojan\Application Data\uyofn.exe


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

------------------------------------

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
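The per-drive Autorun.inf check that USBNoRisk performs in the procedure above, as an added example that is not USBNoRisk, ComboFix or the poster's code: it looks for autorun.inf at a drive root, parses the launch directives the file contains, and reports whether the referenced program is present on the drive and whether the file carries hidden/system attributes. Everything built in demo() (the temporary drive root, the autorun.inf content and the empty sample.exe) is constructed sample data.

```python
"""Autorun.inf audit for a drive root (added example; not USBNoRisk or ComboFix code).
Mirrors the per-drive check in the USBNoRisk log ("No Autorun.inf files found on G:"):
find autorun.inf at the root, parse its launch directives and report what each would run.
The drive layout and autorun.inf content in demo() are constructed sample data."""
import configparser
import os
import stat
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # AutoRun launch directives, plus shell\...\command

def parse_autorun(text):
    """Return (key, target) pairs for every launch directive in the [autorun] section."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep the key's original case for the report
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section.strip().lower() != "autorun":
            continue
        for key, value in cp.items(section):
            k = key.lower()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                findings.append((key, (value or "").strip()))
    return findings

def file_is_hidden(path):
    """True when the file carries Hidden or System attributes (Windows; False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))

def audit_drive(root):
    """Per-drive report: autorun.inf path, whether it is hidden, and each launch target."""
    report = {"root": root, "autorun_inf": None, "hidden": False, "launches": []}
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue  # the file is only honoured at the drive root, so no recursion needed
        path = os.path.join(root, name)
        report["autorun_inf"], report["hidden"] = path, file_is_hidden(path)
        with open(path, "r", errors="replace") as fh:
            for key, target in parse_autorun(fh.read()):
                # program = quoted path, or the text up to the first space
                exe = target[1:].split('"', 1)[0] if target.startswith('"') else (target.split() or [""])[0]
                present = bool(exe) and os.path.exists(os.path.join(root, exe))
                report["launches"].append({"key": key, "target": target, "exe_present": present})
    return report

def demo():
    """Build a constructed drive root whose autorun.inf starts a program on insertion."""
    root = tempfile.mkdtemp(prefix="usb_demo_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:  # constructed sample content
        fh.write("[autorun]\nopen=sample.exe\nicon=sample.exe,0\n"
                 "shell\\open\\Command=sample.exe\nshell\\explore\\command=\"sample.exe\" /s\n")
    open(os.path.join(root, "sample.exe"), "wb").close()  # empty placeholder, not a real program
    return audit_drive(root)
```

On a real drive, a report whose autorun.inf is hidden and whose launch targets point at a present executable is the condition USBNoRisk flags; a clean drive returns `autorun_inf` as None, matching its "No Autorun.inf files found" line.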

  • Joined: 28 Feb 2009
  • Posts: 46

Written: 06 Apr 2010 21:32

ComboFix 10-04-05.06 - Bojan 04/06/2010 21:09:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.446 [GMT 2:00]
Running from: c:\documents and settings\Bojan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100406-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
"c:\documents and settings\Bojan\Application Data\uyofn.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bojan\Application Data\uyofn.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 13:06 . 2010-04-06 13:06 -------- d-----w- C:\452_ides
2010-04-06 13:05 . 2010-04-06 12:50 4001286 ----a-w- C:\452_ides.zip
2010-04-06 12:58 . 2010-04-06 12:58 -------- d-----w- C:\SAV32CLI
2010-04-03 09:37 . 2010-04-03 09:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 09:37 . 2010-04-03 09:37 503808 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\msvcp71.dll
2010-04-03 09:37 . 2010-04-03 09:37 499712 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\jmc.dll
2010-04-03 09:37 . 2010-04-03 09:37 348160 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24035a99-n\msvcr71.dll
2010-04-03 09:37 . 2010-04-03 09:37 12800 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d641655-n\decora-d3d.dll
2010-04-03 09:37 . 2010-04-03 09:37 61440 ----a-w- c:\documents and settings\Bojan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d641655-n\decora-sse.dll
2010-03-18 18:32 . 2010-03-18 18:32 667648 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\Data Recovery.exe
2010-03-18 18:32 . 2010-03-18 18:32 53248 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\WinLockDLL.dll
2010-03-18 18:32 . 2010-03-18 18:32 208896 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\Reset.exe
2010-03-18 18:32 . 2010-03-18 18:32 770048 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\MakeBootable.exe
2010-03-18 18:32 . 2010-03-18 18:32 561152 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\PCLock.exe
2010-03-18 18:32 . 2010-03-18 18:32 462848 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\SecretZip.exe
2010-03-18 18:32 . 2010-03-18 18:32 2695168 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\DataSync.exe
2010-03-18 18:32 . 2010-03-18 18:32 1294336 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\LOCK.exe
2010-03-18 18:31 . 2010-03-18 18:32 -------- d-----w- c:\documents and settings\Bojan\Application Data\AppLauncher
2010-03-18 18:31 . 2009-08-10 18:36 7344128 ----a-w- c:\documents and settings\Bojan\Application Data\AppLauncher\AppLauncher.exe
2010-03-12 08:51 . 2010-03-12 09:26 -------- d-----w- c:\program files\SignSIS-GUI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 16:57 . 2009-02-25 19:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2010-04-06 14:01 . 2009-03-27 13:38 -------- d-----w- c:\documents and settings\Bojan\Application Data\skypePM
2010-04-03 09:35 . 2009-03-29 09:39 -------- d-----w- c:\program files\Java
2010-03-29 18:33 . 2009-03-27 13:35 -------- d-----w- c:\documents and settings\Bojan\Application Data\Skype
2010-03-27 15:18 . 2009-02-27 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 02:28 . 2009-03-29 09:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 11:23 . 2010-02-28 11:23 -------- d-----w- c:\documents and settings\Bojan\Application Data\inkscape
2010-02-28 10:44 . 2010-02-28 10:30 -------- d-----w- c:\program files\Inkscape
2010-02-28 10:06 . 2009-03-13 14:13 -------- d-----w- c:\documents and settings\Bojan\Application Data\gtk-2.0
2010-02-28 09:48 . 2010-02-28 09:48 -------- d-----w- c:\program files\GIMP-2.0
2010-02-27 19:43 . 2009-09-12 23:51 -------- d-----w- c:\program files\Google
2010-01-07 15:07 . 2009-02-27 19:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-02-27 19:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-12 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"Google Update"="c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 46592]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-01-28 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-5 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-29 1205840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^ePrompter.lnk]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\ePrompter.lnk
backup=c:\windows\pss\ePrompter.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/1/2009 10:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2009 10:36 20560]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [7/29/2009 20:15 104344]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2/25/2009 23:06 9446]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [7/29/2009 20:15 69656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 21:43 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7/4/2009 10:22 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7/4/2009 10:22 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [8/4/2009 22:47 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uxlyrpod

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-839522115-1003Core.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 19:48]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-839522115-1003UA.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {A8D23642-1423-44E4-A543-7B6AC66011E0} = 77.105.0.18 77.105.0.19
FF - ProfilePath - c:\documents and settings\Bojan\Application Data\Mozilla\Firefox\Profiles\yfhp2ujl.default\
FF - plugin: c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-06 21:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-06 21:18:54
ComboFix-quarantined-files.txt 2010-04-06 19:18
ComboFix2.txt 2010-04-06 16:37

Pre-Run: 8,535,638,016 bytes free
Post-Run: 8,526,180,352 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 572E3419F8E99209D6CD52020D458E77

Update: 06 Apr 2010 21:35

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 4/6/2010 21:35:47

Searching for connected USB Mass storage...
----------------------------------------
G: {d012d989-32b9-11df-b131-4d6564696130}
H: {d012d98a-32b9-11df-b131-4d6564696130}
========================================

Searching for other storage...
----------------------------------------
C: {200afa2d-0373-11de-a823-806d6172696f}
D: {200afa2e-0373-11de-a823-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on G:
No Autorun.inf files found on G:
No mountpoint found for d012d989-32b9-11df-b131-4d6564696130
No Desktop.ini files found on G:
No mimics found on drive G:
----------------------------------------

No blocked files found on H:
No Autorun.inf files found on H:
No mountpoint found for d012d98a-32b9-11df-b131-4d6564696130
No Desktop.ini files found on H:
No mimics found on drive H:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 200afa2d-0373-11de-a823-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 200afa2e-0373-11de-a823-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

ComboFix now needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Regards.
