Molim za pomoc

1

Molim za pomoc

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 51

Pozdrav ljudi, imam 2 problema sa racunarom

1 problem je:

Pre nekolikoi dana dok sam bila na facebook pojavio se mi se iz cista mira XP Security centar kao Antivirus i nesto poceo da skenira pronasao je kao nekih 28 virusa ili sta vec
Od andivirusa sam u tom periodu imala Avast profesional koji prilikom skeniranja nista nije pokazao. A onda sam restartovala komp i pojavio mi se plavi ekran gde je pisalo da mora da se nesto disabluje iz biosa, ali kako se ja u to ne razumem odmah sam odnela komp kod coveka koji mi je i postavio sistem, ali pre nego sto sam ga odnela ponovo sam ga restartovala cisto da vidim hoce li se isto desiti, medjutim sistem se podigao najnormalnije , taj problem se pojavio i kod coveka koji mi vrsio instalaciju sistema... jedino sto znam kako on rece bio je neki trojanac i ubacio mi je Malwarebytes' Anti-Malware, od tada kad ga ukljucim da skenira uvek nesto pronadje a izmedju ostalog i taj Security centar i kada posaljem u karantin onda mi iskace ona ikonica od Security centra sto me jako nervira , kad udjem u Security centar firewall je ON , Automatic update je OFF, a Virus protection je ON. I kada udjem u Change the way Security centar alerts me tamo je cekiran Firewall, ostalo je decekirano . Medjuti Avast je prestao da se sam radi update, pa sam ga nakon nekoliko dana deinstalirala i instalirala Aviru koja je nasla oko 38 virusa ( uradila sam print screen, pa ako treba i to vam mogu okaciti ) medjutim i pre Avire i posle komp mi radi radi bez problema ne koci, nista cudno se ne desava.



2 Problem

Imam Total Commander, i preko njega koristim FTP pristup, jer se amaterski bavim izradom web sajtova za prijatelje, i prekjuce mi je prijateljica kojoj sam radila web prezentaciju javila da na njenom webu ima virusa kaze Nod je detektovao. kao browsver koristim mozzilu firefox koja mi nista nije prikazivala ali Google Chrom mi izbacuje neki pop up prozor sa nekim reklamama travian... a zatim mi se pojavi obavestenje da na tom sajtu ima neki maleware . Kada sam otvorila view page source pokazao mi je u dnu stranice neku skriptu sto znaci da je neko hakovao. Ja sam preko ftp obrisala index i home i postavila ponovo te stranice , kada sam iz browsvera ponovo pogledala web nije vise bilo te skripte ali i dalje otvara pop-up prozor i vezuje ga za travian, a onda je covek kod koga kupujem hosting promenio pasword i on postavio ponovo index i home stranicu i opet ista stvar .... Ovaj problem mi se pojavljuje kod cak 4 web sajta koji se nalaze kod razlicitih provajdera, neki u Ceskoj neki u Srbiji , medjutim cudno mi je i to sto imam jos sajtova koje odrzavam i tamo nije bilo te skripte, pa vise neznam gde je problem i sta da radim kada u mom racunaru je sa html kodom sve uredu a kada posaljem na server prijavi da ima malevare koji nikako nemogu da vidim a koji se vezuje sa tih nekoliko sajtova.
I jos jedan podatak jedan sajt sam azurirala pre 2 meseca i on je zarazen, a 3 sam azurirala istog dana od koja su 2 zarazena a jedan nije.
Molim za pomoc jer zaista vise neznam gde je problem i sta se desava , ali jedino sto mi pada na pamet da mi je neko hakovao total commander.
Izvinite za tekst sto je predugacak ali mi se ucinilo da je sve jako vazno


PS: pokusala sam Gmer i jako mi je dugo skenirao ali kada hocu da snimim onda se racunar blokira i nece da ga snimi




DDS (Ver_10-03-17.01) - NTFSx86
Run by Goran at 23:07:20.42 on Fri 03/26/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1209 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Goran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\goran\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\goran\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\goran\applic~1\mozilla\firefox\profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\goran\application data\mozilla\firefox\profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\goran\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176]
RUnknown SASENUM;SASENUM; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S0 vvhslws;vvhslws; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-15 1684736]
UnknownUnknown SASDIFSV;SASDIFSV; [x]

=============== Created Last 30 ================

2010-03-26 19:57:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-26 19:57:42 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 19:57:42 0 d-----w- c:\docume~1\goran\applic~1\SUPERAntiSpyware.com
2010-03-26 00:42:50 0 d-----w- c:\program files\Avira
2010-03-26 00:42:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-03-19 20:28:59 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-17 17:23:39 0 d-----w- c:\docume~1\goran\applic~1\Malwarebytes
2010-03-17 17:23:36 38224 begin_of_the_skype_highlighting              36 38224      end_of_the_skype_highlighting begin_of_the_skype_highlighting              36 38224      end_of_the_skype_highlighting ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 17:23:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-17 16:45:33 77312 ----a-w- c:\windows\MBR.exe
2010-03-17 16:45:32 98816 ----a-w- c:\windows\sed.exe
2010-03-17 16:45:32 261632 ----a-w- c:\windows\PEV.exe
2010-03-17 16:45:32 161792 ----a-w- c:\windows\SWREG.exe
2010-03-16 14:29:59 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26:43 0 d-----w- c:\program files\Bonjour
2010-03-11 14:07:20 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07:18 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07:12 0 d-----w- c:\windows\Logs
2010-03-11 14:06:52 0 d-----w- c:\program files\Winamp Detect
2010-03-02 16:23:58 0 d-----w- c:\docume~1\goran\applic~1\FVZilla
2010-03-02 16:23:52 0 d-----w- c:\program files\Free Video Zilla

==================== Find3M ====================

2010-02-12 12:58:48 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 23:07:42.37 ===============





mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Zdravo,

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 51

da li sada da zatvorim notpade i da li da restartujem PC ?




ComboFix 10-03-26.02 - Goran 03/27/2010 19:52:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:49 . 2009-07-21 13:40 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-03-27 00:49 . 2009-06-03 15:26 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-03-27 00:49 . 2009-04-09 09:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-03-27 00:49 . 2009-02-13 15:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2010-03-27 00:49 . 2008-12-05 10:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-03-27 00:48 . 2010-03-27 00:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 00:45 . 2010-03-27 00:45 1481488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-26 19:57 . 2010-03-26 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Goran\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 00:42 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 00:42 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 00:42 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\program files\Avira
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\Goran\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:14 . 2010-03-23 08:59 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\avG
2010-03-16 14:29 . 2010-03-16 14:29 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26 . 2010-03-16 14:26 -------- d-----w- c:\program files\Bonjour
2010-03-14 14:10 . 2010-03-24 21:20 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\Temp
2010-03-11 14:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07 . 2010-03-11 14:07 -------- d-----w- c:\windows\Logs
2010-03-11 14:06 . 2010-03-11 14:06 -------- d-----w- c:\program files\Winamp Detect
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\documents and settings\Goran\Application Data\FVZilla
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\program files\Free Video Zilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 18:47 . 2009-08-16 10:41 -------- d-----w- c:\documents and settings\Goran\Application Data\Skype
2010-03-27 15:01 . 2009-08-16 10:43 -------- d-----w- c:\documents and settings\Goran\Application Data\skypePM
2010-03-27 09:21 . 2009-10-14 13:03 -------- d-----w- c:\program files\BitComet
2010-03-27 02:31 . 2009-10-14 13:17 -------- d-----w- c:\program files\CometBird
2010-03-27 00:50 . 2009-08-16 20:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 14:54 . 2009-09-15 09:21 45 ----a-w- c:\windows\popcinfo.dat
2010-03-19 20:28 . 2010-03-19 20:28 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-17 14:28 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\Goran\Application Data\Incredible Ink
2010-03-17 14:09 . 2010-03-17 14:09 12 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcdyt.dat
2010-03-16 14:29 . 2010-02-12 07:43 -------- d-----w- c:\documents and settings\Goran\Application Data\Apple Computer
2010-03-16 14:15 . 2010-02-23 16:28 -------- d-----w- c:\program files\Opera
2010-03-11 14:07 . 2009-08-15 10:16 -------- d-----w- c:\program files\Winamp
2010-02-25 09:54 . 2010-02-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-24 19:47 . 2010-02-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-24 18:29 . 2010-02-24 18:29 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-24 18:27 . 2010-02-24 16:10 1923880 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-02-24 13:32 . 2009-09-23 00:11 -------- d-----w- c:\program files\RealArcade
2010-02-24 13:20 . 2009-08-16 19:03 -------- d-----w- c:\program files\Macromedia
2010-02-24 13:20 . 2009-08-15 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\Engleski
2010-02-14 22:34 . 2010-02-14 22:34 1437696 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
2010-02-14 22:34 . 2010-02-14 22:34 -------- d-----w- c:\program files\CometMarks
2010-02-12 12:58 . 2010-02-12 12:58 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 07:35 . 2009-10-18 12:20 -------- d-----w- c:\documents and settings\Goran\Application Data\PC Suite
2010-02-09 19:50 . 2009-08-15 09:49 88512 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 17:46 . 2010-02-09 14:12 52224 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 14:12 101376 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-29 11:23 . 2010-01-29 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-21 17:01 . 2010-01-21 17:01 128 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-03-17_16.57.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-03-27 18:48 . 2010-03-27 18:48 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2010-03-26 00:42 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2009-08-15 09:46 . 2010-03-17 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-15 09:46 . 2010-03-19 20:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-15 09:46 . 2010-03-19 20:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-15 09:46 . 2010-03-17 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-19 20:28 . 2010-03-19 20:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-03-27 00:48 . 2010-03-27 00:48 700416 c:\windows\Installer\1177f.msi
+ 2010-03-27 00:48 . 2010-03-27 00:48 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2009-10-02 18:45 . 2009-10-02 18:45 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-03-27 00:48 . 2010-03-27 00:48 1575936 c:\windows\Installer\11775.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-09-24 2768696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Google Update"="c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8144:TCP"= 8144:TCP:BitComet 8144 TCP
"8144:UDP"= 8144:UDP:BitComet 8144 UDP

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 1:42 AM 108289]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [4/8/2005 9:46 AM 162176]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 1:58 PM 685816]
S0 vvhslws;vvhslws; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/15/2009 11:04 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003Core.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003UA.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-838170752-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B53329D-D4E4-A282-D395-B6CF193DBA77}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopppengbbkgnmekm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"haipfdcfmbpppcpm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"eaacmjoged"=hex:61,61,00,7c
"eagpclefbf"=hex:61,61,00,7c
.
Completion time: 2010-03-27 19:56:32
ComboFix-quarantined-files.txt 2010-03-27 18:56
ComboFix2.txt 2010-03-17 17:19
ComboFix3.txt 2010-03-17 17:02

Pre-Run: 18,162,040,832 bytes free
Post-Run: 18,168,897,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A9A34F0697A66BF7B8B6E273894402A3

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

Driver::
vvhslws

Firefox::
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=RfwXD0hH0_yfVz.W9XH1uw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 51

ComboFix 10-03-26.02 - Goran 03/27/2010 20:49:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1627 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VVHSLWS
-------\Service_vvhslws


((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 00:49 . 2009-07-21 13:40 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-03-27 00:49 . 2009-06-03 15:26 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-03-27 00:49 . 2009-04-09 09:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-03-27 00:49 . 2009-02-13 15:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2010-03-27 00:49 . 2008-12-05 10:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-03-27 00:48 . 2010-03-27 00:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 00:45 . 2010-03-27 00:45 1481488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-26 19:57 . 2010-03-26 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Goran\Application Data\SUPERAntiSpyware.com
2010-03-26 19:57 . 2010-03-26 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 00:42 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 00:42 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 00:42 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\program files\Avira
2010-03-26 00:42 . 2010-03-26 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\Goran\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:23 . 2010-03-17 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 16:14 . 2010-03-23 08:59 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\avG
2010-03-16 14:29 . 2010-03-16 14:29 65296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 14:26 . 2010-03-16 14:26 -------- d-----w- c:\program files\Bonjour
2010-03-14 14:10 . 2010-03-24 21:20 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\Temp
2010-03-11 14:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-11 14:07 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-11 14:07 . 2010-03-11 14:07 -------- d-----w- c:\windows\Logs
2010-03-11 14:06 . 2010-03-11 14:06 -------- d-----w- c:\program files\Winamp Detect
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\documents and settings\Goran\Application Data\FVZilla
2010-03-02 16:23 . 2010-03-02 16:27 -------- d-----w- c:\program files\Free Video Zilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 19:55 . 2009-08-16 10:41 -------- d-----w- c:\documents and settings\Goran\Application Data\Skype
2010-03-27 19:27 . 2009-10-14 13:03 -------- d-----w- c:\program files\BitComet
2010-03-27 15:01 . 2009-08-16 10:43 -------- d-----w- c:\documents and settings\Goran\Application Data\skypePM
2010-03-27 02:31 . 2009-10-14 13:17 -------- d-----w- c:\program files\CometBird
2010-03-27 00:50 . 2009-08-16 20:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 14:54 . 2009-09-15 09:21 45 ----a-w- c:\windows\popcinfo.dat
2010-03-19 20:28 . 2010-03-19 20:28 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-17 14:28 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\Goran\Application Data\Incredible Ink
2010-03-17 14:09 . 2010-03-17 14:09 12 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcdyt.dat
2010-03-16 14:29 . 2010-02-12 07:43 -------- d-----w- c:\documents and settings\Goran\Application Data\Apple Computer
2010-03-16 14:15 . 2010-02-23 16:28 -------- d-----w- c:\program files\Opera
2010-03-11 14:07 . 2009-08-15 10:16 -------- d-----w- c:\program files\Winamp
2010-02-25 09:54 . 2010-02-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-24 19:47 . 2010-02-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-24 18:29 . 2010-02-24 18:29 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-24 18:27 . 2010-02-24 16:10 1923880 ----a-w- c:\documents and settings\Goran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-02-24 13:32 . 2009-09-23 00:11 -------- d-----w- c:\program files\RealArcade
2010-02-24 13:20 . 2009-08-16 19:03 -------- d-----w- c:\program files\Macromedia
2010-02-24 13:20 . 2009-08-15 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\Engleski
2010-02-14 22:34 . 2010-02-14 22:34 1437696 ----a-w- c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
2010-02-14 22:34 . 2010-02-14 22:34 -------- d-----w- c:\program files\CometMarks
2010-02-12 12:58 . 2010-02-12 12:58 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 07:35 . 2009-10-18 12:20 -------- d-----w- c:\documents and settings\Goran\Application Data\PC Suite
2010-02-09 19:50 . 2009-08-15 09:49 88512 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 17:46 . 2010-02-09 14:12 52224 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 14:12 101376 ----a-w- c:\documents and settings\Goran\Application Data\CometNetwork\CometBird\Profiles\uxzfu4xl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-29 11:23 . 2010-01-29 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-21 17:01 . 2010-01-21 17:01 128 ----a-w- c:\documents and settings\Goran\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-03-27_18.55.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 19:54 . 2010-03-27 19:54 16384 c:\windows\temp\Perflib_Perfdata_26c.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-03-27 19:46 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 11:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 11:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-08-15 09:39 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-08-15 09:39 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-09-24 2768696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"Google Update"="c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8144:TCP"= 8144:TCP:BitComet 8144 TCP
"8144:UDP"= 8144:UDP:BitComet 8144 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 1:58 PM 685816]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 1:42 AM 108289]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [4/8/2005 9:46 AM 162176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/15/2009 11:04 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003Core.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-1801674531-1003UA.job
- c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\vqm6ocem.default\extensions\bookmarks@cometmarks.com\components\ICometMarksExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-838170752-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B53329D-D4E4-A282-D395-B6CF193DBA77}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaopppengbbkgnmekm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"haipfdcfmbpppcpm"=hex:6a,61,66,6d,68,66,61,6f,64,64,6b,6a,6e,6c,68,6f,6d,6e,
70,62,00,f2
"eaacmjoged"=hex:61,61,00,7c
"eagpclefbf"=hex:61,61,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\documents and settings\Goran\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Skype\Toolbars\Shared\SkypeNames2.exe
.
**************************************************************************
.
Completion time: 2010-03-27 20:57:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:57
ComboFix2.txt 2010-03-27 18:56
ComboFix3.txt 2010-03-17 17:19
ComboFix4.txt 2010-03-17 17:02

Pre-Run: 18,163,892,224 bytes free
Post-Run: 18,018,304,000 bytes free

- - End Of File - - F739219D180D72B82F5EF7F4ABE2BA99

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Imas li sada problema?

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 51

Napisano: 27 Mar 2010 23:21

Ne primecujem nikakav problem za sada , testiracu u narednih nekoliko dana ako nesto primetim javljam vam se , samo jos da resim problem sa nevidljivim skriptama ili ko zna cime na sajtovima i sve ce biti savrseno
Hvala puno na brzoj pomoci, najvaznije je da mi niko ne hakuje FTP u total commander.

Dopuna: 31 Mar 2010 0:21

Upomoc , moj PC idalje se normalno ponasa ali evo sta mi je nasao stinger sta da radim? Ljudi pomagajte , prikacicu vam fajl
mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Sto skeniras tim stingerom, koristi AV redovan.

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 51

sada imam aviru , mislila si na Avast?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8466
  • Gde živiš: Novi Beograd

Mislio sam na Stinger, McAfee Stinger. Sto si sa njim skenirao?

Jel javlja Avira nesto?

Ko je trenutno na forumu
 

Ukupno su 494 korisnika na forumu :: 8 registrovanih, 0 sakrivenih i 486 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amstel2, bato, cikadeda, djo97, Filip Marinković, havoc995, Mixelotti, Zi0mek