Please help me

  • Joined: 27 Jan 2008
  • Posts: 35

I have a problem with this computer; it has probably picked up some infection. It is slowed down by 70 percent... it is not usable at all... I'll throw it out the window. Help me...
Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:13, on 28.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\nMtsk.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: CIEPl Object - {02E60F0E-0497-4F6D-9214-39335A631A70} - C:\WINDOWS\system32\holdapi.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6motp.dll (file missing)
O2 - BHO: Image Helper - {646782DF-07D9-5816-C17D-32459D631863} - C:\WINDOWS\system\bpmdm32.dll (file missing)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7F9337-6D3E-4A57-843B-6586794739D0}: NameServer = 195.250.98.5 195.250.98.8
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6333 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Hello,

Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the Resident Shield active option and click Save changes.

Note: Don't forget to turn this option back on once the cleaning is finished.

--------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 27 Jan 2008
  • Posts: 35

Posted: 29 Apr 2009 13:32

ComboFix 09-04-28.02 - Petrovic 29.04.2009 11:47.1 - NTFSx86
Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\as.txt
c:\windows\knight.exe
c:\windows\recover.reg
c:\windows\system32\7_exception.nls
c:\windows\system32\crypts.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\qabmjmmh.ini
c:\windows\system32\wsys.dll
c:\windows\system32\yjevnjuu.ini
c:\windows\system32\drivers\str.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXAMPLE
-------\Legacy_RUNTIME
-------\Service_EXAMPLE
-------\Service_Runtime


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 11:36 . 2009-02-13 11:36 1046 ----a-w c:\windows\system32\dktqbbjt.exe
2009-02-13 11:35 . 2009-02-13 11:35 20992 ----a-w c:\windows\system32\dggedaaa.exe
2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-07-29 5354792]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\dggedaaa.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=

R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVG Anti-Spyware Driver
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - Avg7Alrt
*Deregistered* - Avg7Core
*Deregistered* - Avg7RsW
*Deregistered* - Avg7RsXP
*Deregistered* - Avg7UpdSvc
*Deregistered* - AvgAsCln
*Deregistered* - AvgClean
*Deregistered* - Beep
*Deregistered* - bgsvcgen
*Deregistered* - Browser
*Deregistered* - cbmtugria
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RecAgent
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLService
*Deregistered* - SlWdmSup
*Deregistered* - SMBios
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54b088-4878-11dd-a3cb-00111187a92f}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57aee64-d7cb-11db-a261-00111187a92f}]
\Shell\Auto\command - G:\Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef843652-dc3f-11db-a267-00111187a92f}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{40DAD1B9-DDCF-4A31-A5D3-A03BC8881370} - c:\windows\System32\windexserv.dll
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\DVDIdle Pro\DVDShell.dll
ShellExecuteHooks-{F28439F2-4996-41B8-8BD0-22789780DE81} - (no file)
Notify-holdapi - holdapi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-29 12:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\xcxqonjrhfg.sys 30976 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5428-)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\slserv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-29 13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 11:19

Pre-Run: 2.417.307.648 bytes free
Post-Run: 3.034.013.696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Update: 29 Apr 2009 13:45

What is going on, is there any progress or hope for this computer? :(

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

We'll try to sort something out.

Disable the protection:

Open Notepad and copy the following text:

File::
c:\windows\system32\dktqbbjt.exe
c:\windows\system32\dggedaaa.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54b088-4878-11dd-a3cb-00111187a92f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57aee64-d7cb-11db-a261-00111187a92f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef843652-dc3f-11db-a267-00111187a92f}]

Rootkit::
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\xcxqonjrhfg.sys


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 27 Jan 2008
  • Posts: 35

Posted: 29 Apr 2009 23:01

ComboFix 09-04-28.02 - Petrovic 29.04.2009 22:18.2 - NTFSx86
Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Petrovic\Desktop\CFScript.txt.txt
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated)

FILE ::
c:\windows\system32\dggedaaa.exe
c:\windows\system32\dktqbbjt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dggedaaa.exe
c:\windows\system32\dktqbbjt.exe
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\xcxqonjrhfg.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 12:09 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll
+ 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-04-29 12:25 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll
- 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-10-13 20:25 . 2009-04-29 19:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2002-10-13 20:25 . 2009-04-29 10:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-07-29 5354792]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=

R2 cbmtugria;cbmtugria; [x]
R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556]

.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-29 22:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-04-29 22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 20:57
ComboFix2.txt 2009-04-29 11:21

Pre-Run: 2.984.882.176 bytes free
Post-Run: 2.978.844.672 bytes free

Update: 29 Apr 2009 23:06

There, everything has been done as you told me; I think there is some progress... the computer runs faster. Can you write to me what it was that attacked it and where it usually gets picked up?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

There was all sorts of stuff,

turn off the antivirus again.

Open Notepad and copy the following text:

Driver::
cbmtugria


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
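The question above ("what attacked it?") is answered by indicators scattered through the HijackThis and ComboFix output earlier in the thread. As an added example, not part of the thread or of either tool, the Python script below runs a few defender-side triage rules over constructed sample lines modelled on that output: orphaned "(file missing)" entries, Winlogon Notify DLLs, silenced Security Center warnings, firewall exceptions for binaries in system32, mountpoints2 autorun commands for removable drives, and hidden files reported by catchme. The rule names, severities and the sessmgr.exe allowlist are my own assumptions.

```python
"""Defender-side triage of HijackThis / ComboFix log lines (added example, not from the thread)."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, evidence)

# Registry keys that decide how the value lines following them are read.
MOUNTPOINTS_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\explorer\\mountpoints2\\\{[0-9a-f-]+\}\]$", re.I)
FIREWALL_KEY = re.compile(r"\\AuthorizedApplications\\List\]$", re.I)
# Per-line indicators; the patterns follow the formats in the logs posted above.
HJT_MISSING = re.compile(r"^O(?:2|20|23) - .*\(file missing\)$")
WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
SECCENTER_NOTIFY = re.compile(r'^"(AntiVirus|Firewall|Updates)DisableNotify"=dword:0*1$', re.I)
HIDDEN_FILE = re.compile(r"^([a-z]:\\\S+\.(?:sys|dll|exe)) (\d+) bytes(?: (executable))?$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
FIREWALL_ENTRY = re.compile(r'^"(.+?)"=')
# Assumption: sessmgr.exe is the only system32 binary XP's firewall authorises by default.
DEFAULT_SYSTEM32_EXCEPTIONS = {"sessmgr.exe"}

# Constructed sample modelled on lines from the thread (not a real log file).
SAMPLE_LOG = r"""
O2 - BHO: CIEPl Object - {02E60F0E-0497-4F6D-9214-39335A631A70} - C:\WINDOWS\system32\holdapi.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dggedaaa.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54b088-4878-11dd-a3cb-00111187a92f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\open\command - F:\Knight.exe open
c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\xcxqonjrhfg.sys 30976 bytes executable
"""


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return (severity, rule, evidence) per matched indicator."""
    findings: List[Finding] = []
    section: Optional[str] = None  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            if MOUNTPOINTS_KEY.match(line):
                section = "mountpoints2"
            elif FIREWALL_KEY.search(line):
                section = "firewall"
            else:
                section = None
            continue
        if HJT_MISSING.match(line):
            # A hook or BHO whose DLL is gone: a remnant that still needs removing.
            findings.append(("medium", "orphaned-entry", line))
            continue
        m = WINLOGON_NOTIFY.match(line)
        if m:
            # Loaded by winlogon.exe itself; vendor DLLs (e.g. Ati2evxx.dll) register here too, so review.
            findings.append(("high", "winlogon-notify", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = SECCENTER_NOTIFY.match(line)
        if m:
            findings.append(("medium", "security-center-notify-off", m.group(1)))
            continue
        m = HIDDEN_FILE.match(line)
        if m:
            # catchme output: file invisible to the Win32 API; an executable one is rootkit-grade.
            severity = "high" if m.group(3) else "medium"
            findings.append((severity, "hidden-file", f"{m.group(1)} ({m.group(2)} bytes)"))
            continue
        if section == "mountpoints2":
            m = SHELL_CMD.match(line)
            if m:
                # Shell verbs of a removable drive redirected to a binary on that drive.
                findings.append(("high", "autorun-hijack", f"{m.group(1)}: {m.group(2)}"))
        elif section == "firewall":
            m = FIREWALL_ENTRY.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")  # undo REGEDIT4 escaping
                base = path.lower().rsplit("\\", 1)[-1]
                if "\\system32\\" in path.lower() and base not in DEFAULT_SYSTEM32_EXCEPTIONS:
                    findings.append(("high", "firewall-exception-system32", path))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. to compare two ComboFix runs before and after a CFScript."""
    return dict(Counter(rule for _, rule, _ in findings))


if __name__ == "__main__":
    for severity, rule, evidence in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {evidence}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the second ComboFix log in the thread, the same rules report the firewall exception and the hidden drivers gone, which is the quickest way to confirm the CFScript did what was intended.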

  • Joined: 27 Jan 2008
  • Posts: 35

Posted: 30 Apr 2009 12:09

ComboFix 09-04-28.02 - Petrovic 30.04.2009 11:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.198 [GMT 2:00]
Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Petrovic\Desktop\CFScript.txt.txt
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBMTUGRIA
-------\Service_cbmtugria


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-28 11:28 . 2009-04-28 11:28 -------- d-----w c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 21:09 . 2007-01-08 19:59 -------- d-----w c:\program files\Common Files\PCSuite
2008-03-31 08:26 . 2006-10-23 09:59 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-03-15 14:31 . 2007-03-16 11:22 93946 --sha-w c:\windows\system32\ospcont.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 12:09 . 2008-10-16 12:09 43544 c:\windows\system32\wups2.dll
+ 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-04-29 12:25 . 2008-10-16 12:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2002-10-13 20:18 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2002-10-13 20:25 . 2009-04-29 19:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2002-10-13 20:25 . 2009-04-29 10:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2002-10-13 20:25 . 2009-04-29 10:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-10-13 20:25 . 2009-04-29 19:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-10-16 12:09 92696 c:\windows\system32\cdm.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\wuweb.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\wucltui.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\wuapi.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2002-10-13 20:18 . 2008-10-16 12:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\wuaueng.dll
+ 2002-10-13 20:18 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-13 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-06-17 2550272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-02-13 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-23 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=

R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2005-06-03 60556]

.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

2007-01-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8034612465.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {8D7F9337-6D3E-4A57-843B-6586794739D0} = 195.250.98.5 195.250.98.8
FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\083qiytx.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-30 12:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2888-)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-04-30 12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 10:05
ComboFix2.txt 2009-04-29 20:57
ComboFix3.txt 2009-04-29 11:21

Pre-Run: 2.961.932.288 bytes free
Post-Run: 2.956.300.288 bytes free


Addendum: 30 Apr 2009 12:10

Here, it has been done as I was told.... What are the next steps that need to be taken....
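The log above is ComboFix's standard layout, and the two `-------\Legacy_CBMTUGRIA` / `-------\Service_cbmtugria` lines under `Drivers/Services` are exactly what the `Driver::` CFScript directive from the previous post produces. As an added example (my code, not part of this thread and not a ComboFix tool), here is a small Python triage script that parses that layout: the deletions, the Run keys and Security Center values under `Reg Loading Points`, the `R3`/`S3` service lines and the `AV:` header line, and turns them into the observations a helper checks first. The embedded log text is a constructed excerpt modelled on the posted log, not the posted log itself; the names `parse_combofix`, `Report` and `findings` are my own. Note that "On-access scanning disabled" is expected here because the helper asked for the antivirus to be switched off, and the script reports the Security Center `DisableNotify` values without deciding who set them.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's log layout (modelled on the post above, not a real capture).
SAMPLE_LOG = r"""
ComboFix 09-04-28.02 - User 30.04.2009 11:59.3 - NTFSx86
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBMTUGRIA
-------\Service_cbmtugria

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 77824]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-17 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")                 # ((((( Section name )))))
AV_RE = re.compile(r"^AV: (.+?) \*(.+?)\*\s*(.*)$")              # AV: name *status* (note)
REMOVED_RE = re.compile(r"^-------\\(.+)$")                      # -------\Service_xxx
KEY_RE = re.compile(r"^\[(.+)\]$")                               # [HKEY_...]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))? \[(\d{4}-\d\d-\d\d) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[\d{4}-\d\d-\d\d \d+\]$")


@dataclass
class Report:
    av_name: str = ""
    av_status: str = ""
    av_note: str = ""
    removed: list = field(default_factory=list)          # entries ComboFix deleted
    autostart: dict = field(default_factory=dict)        # reg key -> {value name: exe path}
    security_center: dict = field(default_factory=dict)  # value name -> int
    services: list = field(default_factory=list)         # (start type, name, image path)


def parse_combofix(text: str) -> Report:
    """Walk the log line by line, tracking the current section and registry key."""
    rep = Report()
    section, key = "header", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section == "header" and (m := AV_RE.match(line)):
            rep.av_name, rep.av_status, rep.av_note = m.groups()
        elif section == "Drivers/Services" and (m := REMOVED_RE.match(line)):
            rep.removed.append(m.group(1))
        elif section == "Reg Loading Points":
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif key and key.lower().endswith("\\run") and (m := RUN_RE.match(line)):
                # "Name"="quoted" [date size]  or  "Name"="short" - full\path [date size]
                name, quoted, unquoted = m.group(1), m.group(2), m.group(3)
                rep.autostart.setdefault(key, {})[name] = unquoted or quoted
            elif key and key.lower().endswith("security center") and (m := DWORD_RE.match(line)):
                rep.security_center[m.group(1)] = int(m.group(2), 16)
            elif m := SERVICE_RE.match(line):
                rep.services.append((m.group(1), m.group(2), m.group(3)))
    return rep


def findings(rep: Report) -> list:
    """Turn the parsed report into the observations a triager writes down first."""
    out = []
    if "disabled" in rep.av_status.lower():
        out.append(f"AV {rep.av_name}: {rep.av_status} {rep.av_note}".strip())
    for name, value in rep.security_center.items():
        if name.endswith("DisableNotify") and value == 1:
            out.append(f"Security Center notification suppressed: {name}")
    for entry in rep.removed:
        out.append(f"ComboFix removed: {entry}")
    return out


if __name__ == "__main__":
    report = parse_combofix(SAMPLE_LOG)
    for line in findings(report):
        print(line)
    for key, values in report.autostart.items():
        print(key)
        for name, path in values.items():
            print(f"  {name} -> {path}")
```

Run it as-is to see the constructed excerpt triaged; to use it on a real log, read the file into `parse_combofix` instead of `SAMPLE_LOG`. The autostart table is printed rather than judged: entries such as `SOUNDMAN.EXE` living directly under `c:\windows` are a prompt to look the file up, not a verdict.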

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Are there any problems?

offline
  • Joined: 27 Jan 2008
  • Posts: 35

As far as I can tell, none for now. It runs fast, it's no longer slowed down. Does anything else need to be done to finish that healing process :)

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

This is still needed:

Uninstalling ComboFix:
Click START and then RUN.

In the text input line type (paste) the following:

Combofix /u

and then click OK.

Wait for the uninstallation process to finish.
