Internet Security 2010


  • Joined: 15 May 2009
  • Posts: 963

You have everything nicely explained in that topic below, so I don't have to bother explaining it myself :)
http://www.mycity.rs/Uputstva/Kako-prepoznati-SmitFraud.html
Internet Security 2010 kept popping up, it kept throwing that stuff onto my desktop, etc.
I scanned with MBAM, NOD32 and Spybot, and all together they found, I think, 26 threats. Below are all the logs:

MBAM
===
NOD32
===
Spybot
I don't have a log; I can only say that it found Win32.Agent.chh and Doubleclick and something else.
===
DDS
DDS (Ver_09-12-01.01) - NTFSx86
Run by kole017 at 8:44:43.25 on Sat 02/01/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1053 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\kole017\Desktop\Ambulanta\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AutoScreenRecorder 3.1 Free]
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ScanRegistry] C:\W
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-12-9 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-12-9 552064]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-8 279680]
S0 bphkk;bphkk; [x]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-01-02 06:52:14 0 d-----w- c:\windows\pss
2010-01-02 02:52:37 0 ----a-w- c:\windows\system32\18467.exe
2010-01-01 15:22:41 120 ----a-w- c:\windows\TileMaker.ini
2010-01-01 15:19:54 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46:27 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48:10 0 d-----w- c:\program files\honestech
2009-12-31 20:47:54 45 ----a-w- c:\windows\Twacker.ini
2009-12-31 20:47:52 45 ----a-w- c:\windows\lifeview.ini
2009-12-31 20:47:51 0 d-----w- C:\VideoCAM Express V2
2009-12-31 20:43:16 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43:10 16384 ----a-w- c:\windows\system32\ipsink.ax
2009-12-31 20:43:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43:05 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43:02 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42:59 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42:56 14336 ----a-r- c:\windows\system32\dshow508.ax
2009-12-31 20:42:54 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42:53 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 20:42:53 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-12-31 20:42:52 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2009-12-31 20:42:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-12-31 20:42:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-12-31 17:11:14 0 d-----w- c:\users\kole017\application data\BSplayer Pro
2009-12-31 17:08:23 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08:15 0 d-----w- c:\program files\AoA Audio Extractor
2009-12-30 17:25:39 0 d-----w- c:\program files\Game_Maker7
2009-12-29 17:57:08 0 d-----w- C:\New Folder
2009-12-29 17:22:45 0 d-----w- C:\mat_bezbesi
2009-12-29 12:06:33 0 d-----w- c:\users\kole017\application data\Screaming Bee
2009-12-29 12:05:45 0 d-----w- c:\program files\Screaming Bee
2009-12-29 07:48:27 0 ---ha-w- c:\windows\SwSys2.bmp
2009-12-29 07:48:27 0 ---ha-w- c:\windows\SwSys1.bmp
2009-12-29 07:48:16 0 d-----w- c:\program files\Game_Maker8
2009-12-29 07:16:58 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40:40 0 d-----w- c:\program files\SomePDF
2009-12-28 12:02:19 0 d-----w- C:\PG
2009-12-26 18:06:53 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06:52 0 d-----w- c:\program files\Smallvideosoft
2009-12-26 10:46:25 0 d-----w- c:\users\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-26 10:46:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 10:38:09 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-26 07:11:02 0 d-----w- c:\program files\Audacity
2009-12-24 12:36:33 0 d-----w- c:\program files\Notepad2
2009-12-22 18:36:51 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-22 18:35:23 754 ----a-w- c:\windows\WORDPAD.INI
2009-12-21 15:58:11 0 d-----w- c:\program files\Real Alternative
2009-12-21 15:57:10 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57:02 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-12-21 15:57:02 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-12-21 15:57:01 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57:01 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-12-21 15:57:00 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57:00 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56:54 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56:52 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56:52 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-12-21 15:56:50 0 d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56:33 0 d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:24:07 0 d-----w- C:\games
2009-12-19 07:14:26 0 d-----w- c:\users\kole017\application data\FireShot
2009-12-17 20:10:51 0 d-----w- c:\program files\WinHTTrack
2009-12-17 10:50:41 0 d-----w- c:\users\kole017\application data\Malwarebytes
2009-12-17 10:50:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50:36 0 d-----w- c:\users\alluse~1\applic~1\Malwarebytes
2009-12-17 10:50:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:50:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-16 08:09:52 0 d-----w- c:\users\alluse~1\applic~1\Deskshare
2009-12-16 08:09:45 0 d-----w- c:\windows\XSxS
2009-12-16 08:09:45 0 d-----w- c:\program files\Xenocode
2009-12-16 08:09:35 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09:33 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-15 21:42:58 0 d-----w- c:\program files\FreeTime
2009-12-15 18:37:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:35:15 0 d-----r- c:\program files\Skype
2009-12-14 19:38:33 69632 ----a-w- c:\windows\system32\DivXG400.ax
2009-12-14 19:38:33 0 d-----w- C:\DivXG400
2009-12-14 19:38:25 34816 ----a-w- c:\windows\system\mpgaudio.ax
2009-12-14 19:38:25 294912 ----a-w- c:\windows\system\iviaudio.ax
2009-12-14 19:38:14 0 d-----w- c:\program files\ffdshow
2009-12-12 05:19:09 1258 ----a-w- C:\Document.rtf
2009-12-12 04:37:27 0 d-----w- c:\users\alluse~1\applic~1\ICQ
2009-12-12 04:00:01 0 d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34:03 0 d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52:28 82 ----a-w- c:\users\kole017\default.pls
2009-12-10 01:23:11 0 d-----w- c:\windows\system32\Adobe
2009-12-10 00:04:57 0 d-----w- c:\users\kole017\application data\BSplayer
2009-12-10 00:04:48 0 d-----w- c:\program files\Webteh
2009-12-09 10:44:22 0 d-----w- c:\program files\URUSoft
2009-12-09 06:26:51 0 d-----w- c:\users\kole017\Tracing
2009-12-09 06:23:36 0 d-----w- c:\program files\Microsoft
2009-12-09 06:23:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:19:49 0 d-----w- c:\program files\common files\Windows Live
2009-12-09 06:11:45 0 d-----w- c:\users\kole017\Contacts
2009-12-09 06:01:10 268 ---ha-w- C:\sqmdata02.sqm
2009-12-09 06:01:10 244 ---ha-w- C:\sqmnoopt02.sqm
2009-12-09 05:59:56 268 ---ha-w- C:\sqmdata01.sqm
2009-12-09 05:59:56 244 ---ha-w- C:\sqmnoopt01.sqm
2009-12-09 03:06:48 268 ---ha-w- C:\sqmdata00.sqm
2009-12-09 03:06:48 244 ---ha-w- C:\sqmnoopt00.sqm
2009-12-09 02:57:30 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-12-09 02:57:30 298104 ----a-w- c:\windows\system32\imon.dll
2009-12-09 02:57:30 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-12-09 02:57:30 0 d-----w- c:\program files\Eset
2009-12-08 15:59:11 331184 ------w- c:\windows\system32\difxapi.dll
2009-12-08 15:59:11 0 d-----w- c:\program files\VIA
2009-12-08 13:53:09 0 d-----w- c:\program files\common files\ODBC
2009-12-08 13:53:07 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-08 13:52:46 0 d-----r- c:\users\all users\Documents
2009-12-08 04:56:55 0 d-----w- c:\program files\CamStudio
2009-12-08 04:02:47 0 d-----w- c:\users\alluse~1\applic~1\Nero
2009-12-08 04:02:46 0 d-----w- c:\program files\Nero
2009-12-08 04:01:35 0 d-----w- c:\program files\JockerSoft
2009-12-08 04:01:33 0 d-----w- c:\program files\AVIcodec
2009-12-08 04:00:47 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:58:59 0 d-----w- c:\program files\MSN Messenger
2009-12-08 03:58:07 0 d-----w- c:\program files\PDFCreator
2009-12-08 03:50:17 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50:02 0 d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:48:51 0 d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48:41 0 d-----w- c:\program files\Unlocker
2009-12-08 03:30:01 0 d-----w- c:\program files\CCleaner
2009-12-08 03:09:26 0 d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09:23 0 d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04:54 0 d-----w- c:\program files\Xvid
2009-12-08 03:00:33 0 d-sh--w- c:\users\all users\DRM
2009-12-08 03:00:17 0 d--h--w- c:\program files\WindowsUpdate
2009-12-08 03:00:14 0 d-----w- c:\program files\Online Services
2009-12-08 02:59:39 0 d-----w- c:\program files\common files\MSSoap
2009-12-08 02:58:09 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-12-08 02:58:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 8:44:56.18 ===============


===
RootRepeal (GMER froze my computer)

Is everything clean now?
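
As an added example (not from the original post, nor part of DDS, ComboFix or any tool named in this thread), here is a small Python triage script that applies the same reading a helper gives a DDS log: it flags the rogue's autorun entry, "No File" orphans, and freshly created system32 executables with random-looking names such as 18467.exe and fjhdyfhsn.bat. The sample lines are copied from the log above, and the rogue-name list is a constructed placeholder containing only the name seen on this page.

```python
"""Triage of DDS-style log lines: autorun entries and recently created files.

Heuristics (defender's reading of a DDS log):
  * uRun/mRun/dRun entries whose name matches a known rogue name,
  * entries ending in "- No File" (orphaned registry references),
  * newly created executables under system32 whose base name is purely
    numeric or long and vowel-less, or that are 0 bytes in size.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
2010-01-02 02:52:37 0 ----a-w- c:\windows\system32\18467.exe
2009-12-26 10:38:09 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-17 10:50:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 01:23:11 0 d-----w- c:\windows\system32\Adobe
"""

# Assumption: a placeholder rogue list holding only the name from this thread.
# A real triage tool would use a maintained list of rogue product names.
KNOWN_ROGUE_NAMES = {"internet security 2010"}

EXEC_EXT = (".exe", ".bat", ".dll", ".scr", ".com", ".sys", ".cmd")

AUTORUN_RE = re.compile(r"^([umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>[d\-][\-a-z]{7})\s+(?P<path>.+)$"
)


@dataclass
class Finding:
    line: str
    reason: str


def command_path(cmd: str) -> str:
    """Return the executable path from an autorun command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):            # quoted path, possibly followed by args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|bat|scr|com|cmd))(?:\s|,|$)", cmd, re.I)
    return m.group(1) if m else cmd


def looks_random(stem: str) -> bool:
    """True for numeric-only names (18467) or long vowel-less ones (fjhdyfhsn)."""
    if stem.isdigit():
        return True
    return len(stem) >= 8 and stem.isalpha() and not re.search(r"[aeiou]", stem, re.I)


def triage_line(line: str) -> list[Finding]:
    """Apply the heuristics above to one DDS log line."""
    findings: list[Finding] = []
    m = AUTORUN_RE.match(line)
    if m:
        if m.group("name").strip().lower() in KNOWN_ROGUE_NAMES:
            findings.append(Finding(line, f"autorun for known rogue '{m.group('name')}'"
                                          f" -> {command_path(m.group('cmd'))}"))
        if not m.group("cmd").strip():
            findings.append(Finding(line, "autorun entry with empty command (stale or truncated)"))
        return findings
    if line.rstrip().endswith("- No File"):
        findings.append(Finding(line, "orphaned entry: registry references a missing file"))
        return findings
    m = CREATED_RE.match(line)
    if m and not m.group("attr").startswith("d"):       # files only, not directories
        lower = m.group("path").lower()
        base = lower.rsplit("\\", 1)[-1]
        stem, _, ext = base.rpartition(".")
        if "\\windows\\system32\\" in lower and "." + ext in EXEC_EXT:
            if looks_random(stem):
                findings.append(Finding(line, f"random-looking executable name in system32: {base}"))
            if m.group("size") == "0":
                findings.append(Finding(line, f"0-byte executable written to system32: {base}"))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of a DDS log."""
    return [f for line in text.splitlines() if line.strip() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_DDS):
        print(f"[{f.reason}]\n    {f.line}")
```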

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show a number of notices:
    accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

  • Joined: 15 May 2009
  • Posts: 963

Written: 02 Jan 2010 9:36

A bit more detail :)
I turned the computer on in Normal mode and suddenly the warnings appeared. I couldn't launch a single application; it kept throwing up those IS2010, Spyware Alert, Download latest updates windows etc. I started the computer in Safe mode, where the same windows appeared, only there they could be closed. I turned off System Restore, scanned with MBAM, switched to Normal mode and scanned there with NOD32 and Spybot.

Update: 02 Jan 2010 9:37

I hadn't seen your post; I'll do everything with ComboFix now.

Update: 02 Jan 2010 9:46

Here you are...
I didn't accept the Recovery Console, because who knows when I'll take this system down.

ComboFix 10-01-01.01 - kole017 02/01/2010 9:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1359 [GMT 1:00]
Running from: c:\users\kole017\Desktop\Ambulanta\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\18467.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-01 15:19 . 2010-01-01 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46 . 2010-01-01 09:52 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\program files\honestech
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- C:\VideoCAM Express V2
2009-12-31 20:43 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43 . 2004-08-03 22:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42 . 2002-09-30 12:38 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42 . 2004-08-03 23:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 17:11 . 2009-12-31 17:11 -------- d-----w- c:\users\kole017\Application Data\BSplayer Pro
2009-12-31 17:08 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08 . 2009-12-31 17:09 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-31 14:48 . 2009-12-31 14:48 5061520 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 17:25 . 2009-12-30 17:25 -------- d-----w- c:\program files\Game_Maker7
2009-12-30 10:59 . 2009-12-30 10:59 -------- d-----w- c:\program files\Recuva
2009-12-29 17:57 . 2009-12-29 17:58 -------- d-----w- C:\New Folder
2009-12-29 17:22 . 2009-12-29 17:59 -------- d-----w- C:\mat_bezbesi
2009-12-29 12:06 . 2009-12-29 12:06 -------- d-----w- c:\users\kole017\Application Data\Screaming Bee
2009-12-29 12:05 . 2009-12-29 12:05 -------- d-----w- c:\program files\Screaming Bee
2009-12-29 07:48 . 2009-12-29 07:48 -------- d-----w- c:\program files\Game_Maker8
2009-12-29 07:16 . 2009-11-27 08:17 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\SomePDF
2009-12-28 12:41 . 2009-12-28 12:42 -------- d-----w- c:\users\kole017\Application Data\Winamp
2009-12-28 12:02 . 2009-12-28 12:02 -------- d-----w- C:\PG
2009-12-26 22:00 . 2009-12-26 22:01 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Adobe
2009-12-26 18:06 . 2006-10-17 21:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06 . 2009-12-26 18:06 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 11:50 . 2009-12-26 11:50 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2009-12-26 10:46 . 2009-12-26 11:14 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 10:46 . 2009-12-26 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 10:38 . 2009-12-26 10:38 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-26 07:11 . 2009-12-26 07:11 -------- d-----w- c:\program files\Audacity
2009-12-24 12:36 . 2009-12-24 12:36 -------- d-----w- c:\program files\Notepad2
2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- c:\users\All Users\Application Data\FLEXnet
2009-12-22 18:43 . 2009-12-22 18:43 -------- d-----w- c:\program files\Adobe Media Player
2009-12-22 18:41 . 2009-12-22 18:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\program files\Real Alternative
2009-12-21 15:57 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56 . 2008-12-08 11:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56 . 2009-12-21 15:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56 . 2009-12-21 15:56 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\users\All Users\Application Data\NVIDIA
2009-12-19 12:24 . 2009-12-19 12:24 -------- d-----w- C:\games
2009-12-19 10:03 . 2009-12-19 10:03 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Mozilla
2009-12-19 07:14 . 2009-12-19 07:14 -------- d-----w- c:\users\kole017\Application Data\FireShot
2009-12-18 10:43 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
2009-12-18 10:43 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll
2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\Apple
2009-12-17 20:10 . 2009-12-17 20:10 -------- d-----w- c:\program files\WinHTTrack
2009-12-17 12:00 . 2009-12-17 12:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Google
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\kole017\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-31 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 10:50 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:05 . 2009-12-17 10:05 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Google
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\All Users\Application Data\Deskshare
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Xenocode
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\windows\XSxS
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\program files\Xenocode
2009-12-16 08:09 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 08:08 . 2006-10-11 05:03 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-16 08:07 . 2009-12-31 17:10 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-12-15 21:42 . 2009-12-15 21:42 -------- d-----w- c:\program files\FreeTime
2009-12-15 21:25 . 2009-12-31 13:04 -------- d-----w- c:\users\kole017\Local Settings\Application Data\WMTools Downloaded Files
2009-12-15 18:37 . 2009-12-15 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:37 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Application Data\skypePM
2009-12-15 18:35 . 2010-01-02 08:41 -------- d-----w- c:\users\kole017\Application Data\Skype
2009-12-15 18:35 . 2009-12-15 18:35 -------- d-----w- c:\program files\Common Files\Skype
2009-12-15 18:35 . 2009-12-16 08:17 -------- d-----r- c:\program files\Skype
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Local Settings\Application Data\Apple Computer
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Application Data\BSplayer
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Application Data\Thunderbird
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Local Settings\Application Data\Thunderbird
2009-12-14 19:41 . 2004-08-04 09:00 25600 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- C:\DivXG400
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\program files\ffdshow
2009-12-14 19:28 . 2009-12-14 19:28 -------- d-----w- c:\users\car017\Application Data\Media Player Classic
2009-12-14 19:26 . 2009-12-14 19:26 -------- d-----w- c:\users\car017\Application Data\Apple Computer
2009-12-12 04:45 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-12 04:45 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-12 04:45 . 2009-09-23 20:29 28672 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-12 04:45 . 2009-03-19 22:57 40960 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-12 04:37 . 2009-12-16 11:06 -------- d-----w- c:\users\All Users\Application Data\ICQ
2009-12-12 04:00 . 2009-12-21 20:46 -------- d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34 . 2009-12-11 09:34 -------- d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\Ahead
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\DivX
2009-12-10 02:24 . 2009-12-10 02:24 -------- d-----w- c:\users\kole017\Application Data\CyberLink
2009-12-10 01:23 . 2009-12-15 05:48 -------- d-----w- c:\windows\system32\Adobe
2009-12-10 00:04 . 2009-12-26 09:39 -------- d-----w- c:\users\kole017\Application Data\BSplayer
2009-12-10 00:04 . 2009-12-10 00:04 -------- d-----w- c:\program files\Webteh
2009-12-10 00:03 . 2009-12-10 00:04 -------- d-----w- c:\program files\QuickTime
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple Computer
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Apple Software Update
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple Computer
2009-12-09 11:00 . 2009-12-09 11:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Mozilla
2009-12-09 10:57 . 2009-12-09 10:58 -------- d-----w- c:\users\car017\Local Settings\Application Data\Adobe
2009-12-09 10:44 . 2009-12-29 10:59 -------- d-----w- c:\program files\URUSoft
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\users\All Users\Application Data\CyberLink
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\program files\CyberLink
2009-12-09 06:26 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Tracing
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Microsoft
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:22 . 2009-12-18 07:52 -------- d-----w- c:\program files\Windows Live
2009-12-09 06:22 . 2009-12-22 18:54 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Adobe
2009-12-09 06:21 . 2009-12-22 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\windows\Sun
2009-12-09 06:11 . 2009-12-09 06:11 -------- d-----w- c:\users\kole017\Contacts
2009-12-09 06:04 . 2009-12-09 06:05 1925024 ----a-w- c:\users\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-09 06:04 . 2009-12-18 07:45 -------- d-----w- c:\users\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 12:42 . 2009-12-08 03:59 -------- d-----w- c:\program files\Winamp
2009-12-26 20:17 . 2009-12-08 04:56 -------- d-----w- c:\program files\CamStudio
2009-12-24 14:57 . 2009-12-09 10:56 295608 ----a-w- c:\users\car017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 18:53 . 2009-12-08 04:32 295608 ----a-w- c:\users\kole017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 09:48 . 2009-12-08 03:58 -------- d-----w- c:\program files\Google
2009-12-17 10:02 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-16 08:09 . 2009-12-08 03:04 -------- d-----w- c:\program files\Xvid
2009-12-15 18:35 . 2009-12-08 03:58 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-12-10 03:46 . 2009-12-08 03:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 23:24 . 2009-12-08 03:30 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:41 . 2009-12-08 03:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 06:24 . 2009-12-08 03:58 -------- d-----w- c:\program files\MSN Messenger
2009-12-08 16:01 . 2009-12-08 15:59 -------- d-----w- c:\program files\VIA
2009-12-08 04:52 . 2009-12-08 03:48 -------- d-----w- c:\program files\Unlocker
2009-12-08 04:30 . 2009-12-08 04:30 -------- d-----w- c:\users\kole017\Application Data\Talkback
2009-12-08 04:30 . 2009-12-08 04:30 0 ----a-w- c:\windows\nsreg.dat
2009-12-08 04:04 . 2009-12-08 03:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-08 04:03 . 2009-12-08 04:03 -------- d-----w- c:\users\Administrator\Application Data\Ahead
2009-12-08 04:03 . 2009-12-08 04:02 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\users\All Users\Application Data\Nero
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\program files\Nero
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\JockerSoft
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\AVIcodec
2009-12-08 04:00 . 2009-12-08 04:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\Administrator\Application Data\BSplayer Pro
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\All Users\Application Data\Yahoo!
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\program files\PDFCreator
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Notepad++
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\7-Zip
2009-12-08 03:29 . 2009-12-08 03:29 -------- d-----w- c:\program files\MSBuild
2009-12-08 03:29 . 2009-12-08 03:29 424696 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 03:26 . 2009-12-08 03:26 -------- d-----w- c:\program files\Reference Assemblies
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Java
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Common Files\Java
2009-12-08 02:58 . 2009-12-08 02:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-09 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9/12/2009 3:57 AM 15424]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 1:19 PM 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S0 bphkk;bphkk; [x]
S2 OMSCAN;OMSCAN;\SysvT --> \SysvT [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-AutoScreenRecorder 3.1 Free - (no file)
HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
AddRemove-AcidSpunk2.14 - c:\program files\Winamp\plugins\Uninstall\uninstall.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
AddRemove-Winamp Essentials Pack - c:\program files\Winamp\UninstallWinampEssentials.exe
AddRemove-Wisdom-soft Set up ASR 3.1 Free - c:\progra~1\Wisdom-soft AutoScreenRecorder 3 Free\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 09:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(688-)
c:\windows\system32\imon.dll
.
Completion time: 2010-01-02 09:42:31
ComboFix-quarantined-files.txt 2010-01-02 08:42

Pre-Run: 91,423,985,664 bytes free
Post-Run: 91,868,307,456 bytes free

- - End Of File - - DB325014B3C0335AEDE2A2D891E3D70C
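The helper's CFScript below targets exactly the entries in this log that point at nothing: the boot-start service `S0 bphkk;bphkk; [x]` with no image file and the orphaned Run value for Internet Security 2010. As an added example that is not part of the thread and not ComboFix's own code, the following Python triage helper reads the "Drivers/Services" and "ORPHANS REMOVED" line shapes from a constructed sample in the same format and flags the entries a reviewer would look at first. The reading of the trailing `[x]` / `[?]` markers (file missing / path not verifiable) is an assumption, not something the log documents.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not a real capture): line shapes copied from the
# ComboFix "Drivers/Services" and "ORPHANS REMOVED" sections quoted in the thread.
SAMPLE_LOG = r"""
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9/12/2009 3:57 AM 15424]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S0 bphkk;bphkk; [x]
S2 OMSCAN;OMSCAN;\SysvT --> \SysvT [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
"""

# "<start type> <name>;<display name>;<image path> [<date time size> | x | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)
# "<hive>-Run-<value name> - <target or (no file)>" (also MSConfigStartUp-<name>)
ORPHAN_RE = re.compile(
    r"^(?P<source>HK\w+-Run|MSConfigStartUp)-(?P<name>.+?) - (?P<target>.+)$"
)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    name: str
    detail: str


def triage(log_text: str) -> list:
    """Return the entries a reviewer should look at first.

    Assumed reading of ComboFix's trailing markers (not documented on the page):
    "[x]" means the service's image file could not be found, "[?]" means the
    path could not be verified; anything else is the file's date/time/size.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, tag = m["start"], m["tag"]
            if tag == "x":
                # A registered driver/service with no backing file; for a boot-start
                # (S0) entry this is the kind of leftover a Driver:: directive in a
                # CFScript removes.
                findings.append(Finding("high", "service-missing-image", m["name"],
                                        f"start={start}, path={m['path'] or '<none>'}"))
            elif tag == "?":
                findings.append(Finding("medium", "service-unverified-path", m["name"],
                                        f"start={start}, path={m['path']}"))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            if m["target"] == "(no file)":
                # Autostart value whose target was already gone: cosmetic leftover.
                findings.append(Finding("info", "orphan-no-file", m["name"], m["source"]))
            else:
                # The Run value is gone but a target path is recorded; the file
                # itself may still be on disk and should be checked separately.
                findings.append(Finding("medium", "orphan-with-target", m["name"], m["target"]))
    return findings


def worst_severity(findings) -> str:
    """Collapse a finding list to a single severity for a quick verdict."""
    order = {"high": 3, "medium": 2, "info": 1}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:24} {f.name}: {f.detail}")
    print("verdict:", worst_severity(triage(SAMPLE_LOG)))
```

Entries with a real file and a date/size tag (the NOD32 and VIA drivers here) produce no finding, so the output is only the handful of lines worth a human's attention.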

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

File::
c:\windows\system32\fjhdyfhsn.bat
C:\WINDOWS\system32\drivers\bphkk.sys

Driver::
bphkk


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 15 May 2009
  • Posts: 963

Written: 02 Jan 2010 15:07

ComboFix 10-01-01.02 - kole017 02/01/2010 14:56:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1470 [GMT 1:00]
Running from: c:\users\kole017\Desktop\Ambulanta\ComboFix.exe
Command switches used :: c:\users\kole017\Desktop\Ambulanta\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\bphkk.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BPHKK
-------\Service_bphkk


((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\windows\system32\xircom
2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\program files\microsoft frontpage
2010-01-01 15:19 . 2010-01-01 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46 . 2010-01-01 09:52 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\program files\honestech
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- C:\VideoCAM Express V2
2009-12-31 20:43 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43 . 2004-08-03 22:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42 . 2002-09-30 12:38 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42 . 2004-08-03 23:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 17:11 . 2009-12-31 17:11 -------- d-----w- c:\users\kole017\Application Data\BSplayer Pro
2009-12-31 17:08 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08 . 2009-12-31 17:09 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-31 14:48 . 2009-12-31 14:48 5061520 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 17:25 . 2009-12-30 17:25 -------- d-----w- c:\program files\Game_Maker7
2009-12-30 10:59 . 2009-12-30 10:59 -------- d-----w- c:\program files\Recuva
2009-12-29 17:57 . 2009-12-29 17:58 -------- d-----w- C:\New Folder
2009-12-29 17:22 . 2009-12-29 17:59 -------- d-----w- C:\mat_bezbesi
2009-12-29 12:06 . 2009-12-29 12:06 -------- d-----w- c:\users\kole017\Application Data\Screaming Bee
2009-12-29 12:05 . 2009-12-29 12:05 -------- d-----w- c:\program files\Screaming Bee
2009-12-29 07:48 . 2009-12-29 07:48 -------- d-----w- c:\program files\Game_Maker8
2009-12-29 07:16 . 2009-11-27 08:17 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\SomePDF
2009-12-28 12:41 . 2009-12-28 12:42 -------- d-----w- c:\users\kole017\Application Data\Winamp
2009-12-28 12:02 . 2009-12-28 12:02 -------- d-----w- C:\PG
2009-12-26 22:00 . 2009-12-26 22:01 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Adobe
2009-12-26 18:06 . 2006-10-17 21:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06 . 2009-12-26 18:06 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 11:50 . 2009-12-26 11:50 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2009-12-26 10:46 . 2009-12-26 11:14 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 10:46 . 2009-12-26 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 07:11 . 2009-12-26 07:11 -------- d-----w- c:\program files\Audacity
2009-12-24 12:36 . 2009-12-24 12:36 -------- d-----w- c:\program files\Notepad2
2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- c:\users\All Users\Application Data\FLEXnet
2009-12-22 18:43 . 2009-12-22 18:43 -------- d-----w- c:\program files\Adobe Media Player
2009-12-22 18:41 . 2009-12-22 18:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\program files\Real Alternative
2009-12-21 15:57 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56 . 2008-12-08 11:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56 . 2009-12-21 15:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56 . 2009-12-21 15:56 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\users\All Users\Application Data\NVIDIA
2009-12-19 12:24 . 2009-12-19 12:24 -------- d-----w- C:\games
2009-12-19 10:03 . 2009-12-19 10:03 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Mozilla
2009-12-19 07:14 . 2009-12-19 07:14 -------- d-----w- c:\users\kole017\Application Data\FireShot
2009-12-18 10:43 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
2009-12-18 10:43 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll
2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\Apple
2009-12-17 20:10 . 2009-12-17 20:10 -------- d-----w- c:\program files\WinHTTrack
2009-12-17 12:00 . 2009-12-17 12:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Google
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\kole017\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-31 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 10:50 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:05 . 2009-12-17 10:05 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Google
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\All Users\Application Data\Deskshare
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Xenocode
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\windows\XSxS
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\program files\Xenocode
2009-12-16 08:09 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 08:08 . 2006-10-11 05:03 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-16 08:07 . 2009-12-31 17:10 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-12-15 21:42 . 2009-12-15 21:42 -------- d-----w- c:\program files\FreeTime
2009-12-15 21:25 . 2009-12-31 13:04 -------- d-----w- c:\users\kole017\Local Settings\Application Data\WMTools Downloaded Files
2009-12-15 18:37 . 2009-12-15 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:37 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Application Data\skypePM
2009-12-15 18:35 . 2010-01-02 13:59 -------- d-----w- c:\users\kole017\Application Data\Skype
2009-12-15 18:35 . 2009-12-15 18:35 -------- d-----w- c:\program files\Common Files\Skype
2009-12-15 18:35 . 2009-12-16 08:17 -------- d-----r- c:\program files\Skype
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Local Settings\Application Data\Apple Computer
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Application Data\BSplayer
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Application Data\Thunderbird
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Local Settings\Application Data\Thunderbird
2009-12-14 19:41 . 2004-08-04 09:00 25600 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- C:\DivXG400
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\program files\ffdshow
2009-12-14 19:28 . 2009-12-14 19:28 -------- d-----w- c:\users\car017\Application Data\Media Player Classic
2009-12-14 19:26 . 2009-12-14 19:26 -------- d-----w- c:\users\car017\Application Data\Apple Computer
2009-12-12 04:45 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-12 04:45 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-12 04:45 . 2009-09-23 20:29 28672 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-12 04:45 . 2009-03-19 22:57 40960 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-12 04:37 . 2009-12-16 11:06 -------- d-----w- c:\users\All Users\Application Data\ICQ
2009-12-12 04:00 . 2009-12-21 20:46 -------- d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34 . 2009-12-11 09:34 -------- d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\Ahead
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\DivX
2009-12-10 02:24 . 2009-12-10 02:24 -------- d-----w- c:\users\kole017\Application Data\CyberLink
2009-12-10 01:23 . 2009-12-15 05:48 -------- d-----w- c:\windows\system32\Adobe
2009-12-10 00:04 . 2009-12-26 09:39 -------- d-----w- c:\users\kole017\Application Data\BSplayer
2009-12-10 00:04 . 2009-12-10 00:04 -------- d-----w- c:\program files\Webteh
2009-12-10 00:03 . 2009-12-10 00:04 -------- d-----w- c:\program files\QuickTime
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple Computer
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Apple Software Update
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple Computer
2009-12-09 11:00 . 2009-12-09 11:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Mozilla
2009-12-09 10:57 . 2009-12-09 10:58 -------- d-----w- c:\users\car017\Local Settings\Application Data\Adobe
2009-12-09 10:44 . 2009-12-29 10:59 -------- d-----w- c:\program files\URUSoft
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\users\All Users\Application Data\CyberLink
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\program files\CyberLink
2009-12-09 06:26 . 2010-01-02 14:00 -------- d-----w- c:\users\kole017\Tracing
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Microsoft
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:22 . 2009-12-18 07:52 -------- d-----w- c:\program files\Windows Live
2009-12-09 06:22 . 2009-12-22 18:54 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Adobe
2009-12-09 06:21 . 2009-12-22 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\windows\Sun
2009-12-09 06:11 . 2009-12-09 06:11 -------- d-----w- c:\users\kole017\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 12:42 . 2009-12-08 03:59 -------- d-----w- c:\program files\Winamp
2009-12-26 20:17 . 2009-12-08 04:56 -------- d-----w- c:\program files\CamStudio
2009-12-24 14:57 . 2009-12-09 10:56 295608 ----a-w- c:\users\car017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 18:53 . 2009-12-08 04:32 295608 ----a-w- c:\users\kole017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 09:48 . 2009-12-08 03:58 -------- d-----w- c:\program files\Google
2009-12-17 10:02 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-16 08:09 . 2009-12-08 03:04 -------- d-----w- c:\program files\Xvid
2009-12-15 18:35 . 2009-12-08 03:58 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-12-10 03:46 . 2009-12-08 03:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 23:24 . 2009-12-08 03:30 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:41 . 2009-12-08 03:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 06:24 . 2009-12-08 03:58 -------- d-----w- c:\program files\MSN Messenger
2009-12-08 16:01 . 2009-12-08 15:59 -------- d-----w- c:\program files\VIA
2009-12-08 04:52 . 2009-12-08 03:48 -------- d-----w- c:\program files\Unlocker
2009-12-08 04:30 . 2009-12-08 04:30 -------- d-----w- c:\users\kole017\Application Data\Talkback
2009-12-08 04:30 . 2009-12-08 04:30 0 ----a-w- c:\windows\nsreg.dat
2009-12-08 04:04 . 2009-12-08 03:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-08 04:03 . 2009-12-08 04:03 -------- d-----w- c:\users\Administrator\Application Data\Ahead
2009-12-08 04:03 . 2009-12-08 04:02 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\users\All Users\Application Data\Nero
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\program files\Nero
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\JockerSoft
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\AVIcodec
2009-12-08 04:00 . 2009-12-08 04:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\Administrator\Application Data\BSplayer Pro
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\All Users\Application Data\Yahoo!
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\program files\PDFCreator
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Notepad++
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\7-Zip
2009-12-08 03:29 . 2009-12-08 03:29 -------- d-----w- c:\program files\MSBuild
2009-12-08 03:29 . 2009-12-08 03:29 424696 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 03:26 . 2009-12-08 03:26 -------- d-----w- c:\program files\Reference Assemblies
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Java
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Common Files\Java
2009-12-08 02:58 . 2009-12-08 02:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_08.41.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 14:01 . 2010-01-02 14:01 16384 c:\windows\temp\Perflib_Perfdata_c24.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-09 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9/12/2009 3:57 AM 15424]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 1:19 PM 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 15:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-02 15:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-02 14:02
ComboFix2.txt 2010-01-02 08:42

Pre-Run: 91,783,405,568 bytes free
Post-Run: 91,689,246,720 bytes free

- - End Of File - - 19CE81FBD371E9E80D27A9FA67F62110

Update: 02 Jan 2010 15:12

I can no longer get into the AMON settings in NOD32 to turn it on. It isn't there.

Update: 02 Jan 2010 15:16

More precisely, I can't find what is listed under Threat Protection Modules:

Update: 02 Jan 2010 16:15

I restarted the computer and now I can configure it. Waiting for further instructions.

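Two entries in the ComboFix log above are the kind a practitioner looks at twice: the `S3 FXDrv32` driver whose image is on `f:` and is reported as `[?]` instead of a date and size, and the `OMSCAN` service whose registry `ImagePath` is just `\Sys`. The script below is an added example written for this page, not ComboFix's code or anything the thread's participants posted. It parses those log line formats and applies three heuristics (missing image file, image on a non-system drive, ImagePath that is not a usable path); the heuristics, the assumption that `[?]` means "file not found", and the sample input (copied from the log above) are the editor's, and the output is a hint for a human, not a verdict.

```python
import re

# Sample input: the service-related lines copied from the ComboFix log posted
# above (two normal driver lines, the FXDrv32 line, and the OMSCAN key).
SAMPLE_LOG = r"""
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 1:19 PM 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
"""

# "R3 Name;Description;path [date size]"  or  "S3 Name;Desc;path --> path [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$")
# Registry dump of a service key, followed by its "ImagePath" value.
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
# Forms a legitimate service image path normally takes (assumption for this
# example): an absolute path on a drive, optionally with the \??\ prefix, or a
# path relative to the Windows directory such as system32\drivers\x.sys.
FULL_PATH_RE = re.compile(r"^(?:\\\?\?\\)?[a-z]:\\|^system32\\|^\\systemroot\\")
DRIVE_RE = re.compile(r"^(?:\\\?\?\\)?([a-z]):\\")


def parse_services(text):
    """Turn the driver list and registry dump into one list of service records."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _desc, path, meta = m.groups()
            # ComboFix prints "[date size]" when it found the file; "[?]" is
            # treated here as "file not found".  When the log shows "a --> b",
            # keep only the resolved path b.
            entries.append({"name": name, "start": start,
                            "path": path.split("-->")[-1].strip(),
                            "file_present": meta.strip() != "?",
                            "source": "driver list"})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_key:
            entries.append({"name": current_key, "start": "?", "path": m.group(1),
                            "file_present": None, "source": "registry"})
            current_key = None
    return entries


def reasons_to_look(entry):
    """Heuristic flags (the editor's assumptions, not ComboFix's verdicts)."""
    reasons = []
    path = entry["path"].lower()
    if entry["file_present"] is False:
        reasons.append("image file missing on disk (stale or removed loader)")
    m = DRIVE_RE.match(path)
    if m and m.group(1) != "c":
        reasons.append("image lives on non-system drive %s:" % m.group(1))
    if not FULL_PATH_RE.match(path):
        reasons.append("ImagePath is not a usable image path: %r" % entry["path"])
    return reasons


def triage(text):
    """Map service name -> list of reasons, only for entries that have any."""
    out = {}
    for entry in parse_services(text):
        why = reasons_to_look(entry)
        if why:
            out[entry["name"]] = why
    return out


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(name)
        for w in why:
            print("  -", w)
```

Run against the sample, the two normal VIA and Screaming Bee drivers pass silently, `FXDrv32` is flagged for both the missing file and the `f:` drive, and `OMSCAN` is flagged for its non-path `ImagePath`; a real ComboFix log can be fed in whole, since lines that match none of the three patterns are ignored.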
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

What is the situation now? It should be OK.
I recommend installing a newer version of NOD.

offline
  • Joined: 15 Maj 2009
  • Posts: 963

Everything is fine now. As for NOD, this version stays. Regards... and happy New Year, cheers.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Thanks, happy New Year to you too.

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 15 Maj 2009
  • Posts: 963

Done. Regards...
