Molim proveru log-a

Molim proveru log-a

offline
  • Pridružio: 08 Maj 2005
  • Poruke: 210

Svojom nepaznjom sam zarazio racunar pa molim pomoc. Blokiran mi je bio internet stoga sam iskoristio Combo pretpostavljajuci da ce resiti deo problema(dakle nisam nameravao da svesno krsim pravila). Elem, Combofix je zaista resio problem sa net-om.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:26 PM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Block Level Filtering Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6541 bytes


I Combofix log
ComboFix 09-03-06.02 - Danko 2009-03-09 16:41:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2577 [GMT 1:00]
Running from: c:\documents and settings\Danko\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danko\Application Data\.#
c:\documents and settings\Danko\Application Data\.#\MBX@110C@3837A0.###
c:\documents and settings\Danko\Application Data\.#\MBX@9F8@3837D8.###
c:\documents and settings\Danko\Application Data\.#\MBX@9F8@3837E8.###

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 16:39 . 2009-03-09 16:39 80 --a------ c:\windows\system32\2C.tmp
2009-03-08 21:08 . 2009-03-08 21:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-08 20:54 . 2009-03-08 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-03-08 17:03 . 2009-03-08 17:03 24,117 --a------ c:\windows\system32\3D6F.tmp
2009-03-08 17:03 . 2009-03-08 17:03 80 --a------ c:\windows\system32\3D6B.tmp
2009-03-08 15:39 . 2009-03-08 15:42 <DIR> d-------- c:\program files\ESET
2009-03-08 12:11 . 2009-03-08 12:23 <DIR> d-------- c:\documents and settings\Danko\Application Data\FreeCall
2009-03-06 15:55 . 2009-03-06 15:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-06 15:02 . 2009-03-07 05:05 <DIR> d-------- c:\program files\nLite
2009-03-01 10:45 . 2009-03-01 10:45 <DIR> d-------- c:\program files\Test My Hardware
2009-03-01 09:06 . 2009-03-01 09:06 <DIR> d-------- c:\program files\SCi Games
2009-03-01 08:46 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll
2009-03-01 08:45 . 2009-03-01 08:45 <DIR> d-------- c:\program files\Alcohol Soft
2009-03-01 08:44 . 2009-03-01 08:44 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-25 15:11 . 2009-02-25 15:11 <DIR> d-------- c:\program files\Ubisoft
2009-02-25 15:03 . 2009-02-25 15:03 1,374 --a------ c:\windows\imsins.BAK
2009-02-21 15:07 . 2009-02-21 21:36 167 --a------ c:\windows\usdthank.ini
2009-02-21 15:07 . 2009-02-21 15:07 31 --a------ c:\windows\idc.ini
2009-02-19 16:23 . 2009-02-19 16:29 200 --a------ C:\sccfg.sys
2009-02-15 10:57 . 2009-02-15 10:57 <DIR> d-------- c:\program files\RocketDock
2009-02-13 17:55 . 2009-02-13 17:57 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2009-02-13 17:52 . 2009-02-14 05:23 <DIR> d-------- c:\program files\Folder Lock 6
2009-02-13 17:28 . 2009-02-13 17:28 16,896 --a------ c:\windows\system32\DECRYPT.DLL
2009-02-13 17:28 . 2009-02-13 17:28 0 --a------ c:\windows\wcx_ftp.ini
2009-02-13 17:19 . 2009-03-08 12:32 406,547 ---h----- C:\TREEINFO.WC
2009-02-13 17:12 . 2009-02-13 20:56 <DIR> d-------- c:\program files\Total Commander XP
2009-02-10 16:44 . 2009-02-10 16:44 6,693 --a------ c:\windows\system32\drivers\15KP9.s38
2009-02-10 16:44 . 2009-02-10 16:44 3,982 --a------ c:\windows\87t98.sys
2009-02-10 16:44 . 2009-02-10 16:51 106 --a------ c:\windows\cd-lock.ini
2009-02-09 04:52 . 2009-02-09 04:52 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-09 04:51 . 2009-02-09 04:51 <DIR> d-------- c:\program files\PC Connectivity Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 20:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-06 14:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 09:10 --------- d-----w c:\program files\Softonic_English
2009-03-01 09:07 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 03:52 --------- d-----w c:\program files\Nokia
2009-02-09 03:52 --------- d-----w c:\program files\Common Files\Nokia
2009-02-09 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-08 14:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-08 14:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-08 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-08 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-06 13:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 13:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 13:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-01 14:35 --------- d-----w c:\program files\Reference Assemblies
2009-02-01 14:35 --------- d-----w c:\program files\MSBuild
2009-01-31 09:26 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-23 18:42 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-23 17:17 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-23 17:17 362,240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-23 17:17 --------- d-----w c:\documents and settings\Danko\Application Data\TuneUp Software
2009-01-23 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-23 17:16 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-23 13:32 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-18 08:48 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-18 08:48 --------- d-----w c:\program files\Java
2009-01-17 14:01 --------- d-----w c:\program files\Conduit
2009-01-17 14:01 --------- d-----w c:\documents and settings\Danko\Application Data\vlc
2009-01-17 14:00 --------- d-----w c:\program files\VideoLAN
2009-01-16 17:23 --------- d-----w c:\program files\CCleaner
2009-01-14 16:31 --------- d-----w c:\program files\QuickTime
2009-01-14 16:31 --------- d-----w c:\program files\Common Files\Apple
2009-01-14 16:31 --------- d-----w c:\program files\Apple Software Update
2009-01-14 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-14 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-13 15:37 --------- d-----w c:\documents and settings\Danko\Application Data\Skype
2009-01-13 15:28 --------- d-----w c:\documents and settings\Danko\Application Data\skypePM
2009-01-13 14:59 --------- d-----w c:\program files\IncrediMail
2009-01-13 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2009-01-13 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\IM
2009-01-12 16:36 --------- d-----w c:\program files\TeamViewer
2009-01-12 12:03 --------- d-----w c:\documents and settings\Danko\Application Data\TeamViewer
2009-01-11 13:47 --------- d-----w c:\program files\Boilsoft Video Splitter
2009-01-05 04:04 3,982 ----a-w c:\windows\kj01d.sys
2008-12-28 07:28 3,072 ----a-w c:\windows\system32\srpskeyh3.dll
2008-12-24 15:42 335,872 ----a-w c:\windows\HideWin.exe
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

2008-04-14 04:42 31744 39406281446f054962ddf3bd0363224e c:\windows\system32\svchost.exe
2008-04-14 04:42 31744 09292c055cf7e1d57a121bd3bf7bf294 c:\windows\system32\dllcache\svchost.exe

2008-04-14 04:42 1051136 167d85168b61ac8569421d3010f32dd7 c:\windows\explorer.exe
2008-04-14 04:42 1051136 cfd3302a8ecfedbcc503fd60c16eabf7 c:\windows\system32\dllcache\explorer.exe

2008-04-14 04:42 32768 370e76152e4b7857cf70829b34f03932 c:\windows\system32\ctfmon.exe
2008-04-14 04:42 32768 456ae0b883a562b537ca7fecb7b91567 c:\windows\system32\dllcache\ctfmon.exe

2008-04-14 04:42 75776 6af3fe60d3bc7ac347f43fbf2687e17e c:\windows\system32\spoolsv.exe
2008-04-14 04:42 75264 9d07a57fcfd2528046de49f39fdc74c4 c:\windows\system32\dllcache\spoolsv.exe

2008-04-14 04:42 43520 efd5077c6277e22128ea59f00212a725 c:\windows\system32\userinit.exe
2008-04-14 04:42 43520 6945552ab6bd3e3c0c0937707f7c34f4 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2009-03-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-01 10:11 1883672 --a------ c:\program files\Softonic_English\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2009-03-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2009-03-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-07-29 3276800]
"Analogue Vista Clock"="c:\program files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-11-14 214528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-04-06 819200]
"srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2006-04-24 52224]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.GEOS"= GeoCodecD.dll
"vidc.GEOV"= GeoCodec.dll
"vidc.GEOX"= GeoCodec.dll
"vidc.GM40"= c:\windows\system32\v8200\GEO-MPEG4-ASP\2008.1.22.21.16\GXAMP4.dll
"vidc.GMP4"= c:\windows\system32\v8200\GEO-MPEG4-ASP\2008.1.22.21.16\GXAMP4.dll
"vidc.GM4H"= c:\windows\system32\v8200\GEO-MPEG4-ASP\2008.1.22.21.16\GXAMP4D.dll
"vidc.GM4S"= c:\windows\system32\v8200\GEO-MPEG4-ASP\2008.1.22.21.16\GXAMP4D.dll
"vidc.G264"= c:\windows\system32\v8200\GEO-H264\2008.1.7.2.7\GX264.dll
"vidc.G26S"= c:\windows\system32\v8200\GEO-H264\2008.1.7.2.7\GX264D.dll
"vidc.GM20"= c:\windows\system32\v8200\GEO-MPEG2\2008.1.11.4.2\GXGM20.dll
"vidc.GJPG"= c:\windows\system32\v8200\GEO-JPEG\2008.1.24.3.52\GXJPG.dll
"vidc.GAVC"= c:\windows\system32\v8200\GEO-H264-V2\2008.1.18.0.54\GXAVC.dll
"vidc.GAVS"= c:\windows\system32\v8200\GEO-H264-V2\2008.1.18.0.54\GXAVCD.dll
"msacm.geoadpcm"= c:\windows\system32\v8200\GEO-ADPCM\2007.8.13.1.32\GeoADPCM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Danko^Start Menu^Programs^Startup^Registration Lock On]
path=c:\documents and settings\Danko\Start Menu\Programs\Startup\Registration Lock On
backup=c:\windows\pss\Registration Lock OnStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 04:42 32768 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-02-11 10:19 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1712640 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nodenable]
--a------ 2008-09-23 16:48 326823 c:\program files\ESET\nodenable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1223168 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 81920 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 90112 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-27 07:20 16863744 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-08-03 06:22 1847296 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-23 603904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-24 89600]
S0 MFX;MFX; [x]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2009-01-05 49692]
S2 Block Level Filtering Service;Block Level Filtering Service;c:\windows\svchost.exe --> c:\windows\svchost.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-02-08 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-02-08 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00631603-d1d3-11dd-99e8-806d6172696f}]
\Shell\AutoRun\command - d:\bin\assetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Danko\Application Data\Mozilla\Firefox\Profiles\ynjisu71.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 16:42:33
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\MFX.sys 49692 bytes executable
C:\SYZ_DAT

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-09 16:43:24
ComboFix-quarantined-files.txt 2009-03-09 15:43:22

Pre-Run: 62,049,292,288 bytes free
Post-Run: 62,058,176,512 bytes free

258 --- E O F --- 2009-02-25 14:03:36

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pozdrav...

Upladouj mi sledeci fajl :

c:\windows\explorer.exe

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 08 Maj 2005
  • Poruke: 210

Fajl je upload-ovan.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Uff.. pregledao sam fajl.. Nije bas dobro al pokusacemo da sredimo....

Deinstaliraj Eset Antivirus i instaliraj Aviru :

http://www.free-av.com/en/download/index.html

Pusti full scan i posle toga mi postavi svez Combofix log.

offline
  • Pridružio: 08 Maj 2005
  • Poruke: 210

Na zalost, windows je puk`o kad je Avira pocela da izbacuje prozore. Nema veze, sacuvao sam podatke sa c diska i format. Hvala na trudu u svakom slucaju.

Dopuna: 11 Mar 2009 17:31

Podigao sam svez XP ali mi je komp i dalje sumnjiv(malo koci pri otvaranju particija).Avira je detektovala nekoliko infekcija.
Avira AntiVir Personal
Report file date: Wednesday, March 11, 2009 17:03

Scanning for 1293969 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 16:02:25
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 3/11/2009 16:02:32
ANTIVIR3.VDF : 7.1.2.157 9216 Bytes 3/11/2009 16:02:32
Engineversion : 8.2.0.109
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/11/2009 16:02:50
AESCRIPT.DLL : 8.1.1.60 360826 Bytes 3/11/2009 16:02:49
AESCN.DLL : 8.1.1.8 127346 Bytes 3/11/2009 16:02:47
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 13:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/11/2009 16:02:46
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/11/2009 16:02:44
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/11/2009 16:02:43
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/11/2009 16:02:36
AEGEN.DLL : 8.1.1.27 336244 Bytes 3/11/2009 16:02:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/11/2009 16:02:33
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, March 11, 2009 17:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Danko\Local Settings\Temporary Internet Files\Content.IE5\MP60YWNO\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'
D:\Instalacije\FaceOnBody.Pro.v2.4-TE.rar
[0] Archive type: RAR
--> FaceOnBody.Pro.v2.4-TE\FaceOnBody.Pro.v2.4-TE\(zabranjeno)\FaceOnBodyProv24_(zabranjeno).exe
[DETECTION] Contains recognition pattern of the DR/Agent.12800.E dropper
--> FaceOnBody.Pro.v2.4-TE\FaceOnBody.Pro.v2.4-TE\FOB_Install_FB024.exe
[1] Archive type: ZIP SFX (self extracting)
--> FaceOnBody.exe
[DETECTION] Is the TR/Agent.2080768.A Trojan
[NOTE] The file was moved to '4a1ae23c.qua'!
D:\My Music\Strana\Rock\X,Y,Z\ZZ Top\Autorun.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '4a2be4b4.qua'!
D:\My Music\Strana\Rock\X,Y,Z\ZZ Top\Winamp\Winamp.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '4a25e4af.qua'!
D:\My Music\Strana\Rock\X,Y,Z\ZZ Top\Winamp\winampa.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '4a25e4b2.qua'!
D:\System Volume Information\_restore{A30020A9-EC81-4BAB-B020-AAA4F3CDAC02}\RP9\A0000573.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '49e7e4a8.qua'!
D:\System Volume Information\_restore{A30020A9-EC81-4BAB-B020-AAA4F3CDAC02}\RP9\A0000574.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '49e7e4ac.qua'!
D:\System Volume Information\_restore{A30020A9-EC81-4BAB-B020-AAA4F3CDAC02}\RP9\A0000575.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '49e7e4ae.qua'!


End of the scan: Wednesday, March 11, 2009 17:19
Used time: 15:40 Minute(s)

The scan has been done completely.

5907 Scanning directories
119697 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
119688 Files not concerned
1318 Archives were scanned
2 Warnings
7 Notes

I Combo:

ComboFix 09-03-10.03 - Danko 2009-03-11 17:22:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2561 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-11 17:19 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-11 17:01 . 2009-03-11 17:01 <DIR> d-------- c:\program files\Avira
2009-03-11 16:28 . 2009-03-11 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-11 16:11 . 2009-03-11 16:11 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 14:35 --------- d-----w c:\documents and settings\Danko\Application Data\ATI
2009-03-11 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-11 14:34 --------- d-----w c:\program files\My Company Name
2009-03-11 14:33 --------- d-----w c:\program files\ATI Technologies
2009-03-11 14:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 14:32 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-11 14:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-11 14:27 --------- d-----w c:\program files\AMD
2009-03-11 14:25 315,392 ----a-w c:\windows\HideWin.exe
2009-03-11 14:25 --------- d-----w c:\program files\Realtek
2009-03-11 14:21 --------- d-----w c:\program files\NVIDIA Corporation
2009-03-11 14:21 --------- d-----w c:\documents and settings\Danko\Application Data\InstallShield
2009-03-11 14:02 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-03-11 89600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22b8b3a9-0e49-11de-bcd7-806d6172696f}]
\Shell\AutoRun\command - e:\bin\assetup.exe
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Danko\Application Data\Mozilla\Firefox\Profiles\h9vazag2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 17:22:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-11 17:23:08
ComboFix-quarantined-files.txt 2009-03-11 16:23:06

Pre-Run: 100,229,509,120 bytes free
Post-Run: 100,311,842,816 bytes free

84

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

preporucujem ti sledece.. sve instalacije ili programe koje imas na drugim particijama obrisi.. svi su oni infcirani istim virusom koji ti je oborio sistem....

Cini mi se da je Avira sredila to al ja se ne bih igrao..
Inace log je cist i ne ukazuje na reinfekciju...

To sto koci pri otvaranju particija trebalo bi da se sredi posle full skena.. Svaki sveze instaliran AV malo koci sistem.. to je normalno i sredice se cim AV isproverava sve fajlove...

offline
  • Pridružio: 08 Maj 2005
  • Poruke: 210

Hvala. Ucinicu tako.

Ko je trenutno na forumu
 

Ukupno su 917 korisnika na forumu :: 35 registrovanih, 8 sakrivenih i 874 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., babaroga, Bane san, Brankoni, cenejac111, Cranium, crnitrn, dac, dejina811, Dimitrise93, Echo, Georgius, ikan, Imperator41, Lieutenant, Marko Marković, MILO-VAN, Mixelotti, moldway, nenad81, Njemac, Oluj2.1, sakota79, Sr.Stat., Srle993, ssekir75, time, VJ, Vlad000, vlvl, voja64, vrlenija, vsn111, Wisdomseeker