Please help - infected computer


  • Joined: 18 Aug 2009
  • Posts: 5

Can anyone help? My computer is totally infected. It has Kaspersky and AVG installed, but the viruses have completely blocked them, so I can't even start them... I read a bit of the advice you gave earlier and installed ComboFix so I could get a report... Maybe that wasn't smart?! Anyway, here is the report, so if anyone can help me...
Thanks!

_______________________________________

ComboFix 09-08-10.06 - 18/08/2009 15:51.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.486 [GMT 2:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\WINSSSys
c:\documents and settings\All Users\Application Data\WINSSSys\winss.cfg
c:\documents and settings\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Security Suite.lnk
c:\documents and settings\Application Data\Windows Security Suite
c:\documents and settings\Application Data\Windows Security Suite\cookies.sqlite
c:\documents and settings\Application Data\Windows Security Suite\Instructions.ini
c:\documents and settings\Desktop\Windows Security Suite.lnk
c:\documents and settings\Start Menu\Programs\Windows Security Suite.lnk
c:\documents and settings\Start Menu\Windows Security Suite.lnk
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\ScreenSaver\Images\00268E7B.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\temp.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00023DAB
c:\program files\MyWebSearch\bar\Cache\00052A53
c:\program files\MyWebSearch\bar\Cache\0006B691
c:\program files\MyWebSearch\bar\Cache\000E313D
c:\program files\MyWebSearch\bar\Cache\000E4235
c:\program files\MyWebSearch\bar\Cache\000E4E5A
c:\program files\MyWebSearch\bar\Cache\0026285F.bin
c:\program files\MyWebSearch\bar\Cache\0026458B.bin
c:\program files\MyWebSearch\bar\Cache\00266940.bin
c:\program files\MyWebSearch\bar\Cache\00267C2C.bin
c:\program files\MyWebSearch\bar\Cache\0026DDB5.bin
c:\program files\MyWebSearch\bar\Cache\0026F1C9.bin
c:\program files\MyWebSearch\bar\Cache\0027064B
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\recycler\S-1-5-21-2894442735-3484601868-1936406728-500
c:\windows\logfile32.txt
c:\windows\system32\drivers\lsass.exe
c:\windows\system32\Drivers\sysdrv32.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\wpv381229782905.cpx
c:\windows\system32\wpv811229782589.cpx
c:\windows\wiaserviv.log
c:\windows\winsvc32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WIN32X
-------\Service_sysdrv32
-------\Service_win32x


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-21 07:02 . 2009-07-31 20:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-08-18 14:00 . 2009-08-18 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WINSSSys
2009-08-17 15:21 . 2009-08-17 15:21 152576 ----a-w- c:\documents and settings\Goga\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-16 15:45 . 2009-08-16 15:45 82944 --sh--r- c:\windows\system32\drivers\dllhost.exe
2009-08-13 20:10 . 2009-08-13 20:10 76338 ----a-w- c:\windows\system32\55.scr
2009-08-13 14:46 . 2009-08-13 14:46 49668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 08:35 . 2009-08-12 08:35 86528 ----a-w- c:\windows\system32\18.scr
2009-08-12 08:35 . 2009-08-12 08:35 76338 ----a-w- c:\windows\system32\14.scr
2009-08-11 12:57 . 2009-08-11 12:57 71680 --sh--r- c:\windows\system\netmon.exe
2009-08-11 12:56 . 2009-08-11 12:57 71680 ----a-w- c:\windows\system32\06.scr
2009-08-11 12:43 . 2009-08-11 12:43 83456 ----a-w- c:\windows\system32\43.scr
2009-08-11 12:31 . 2009-08-11 12:31 76338 ----a-w- c:\windows\system32\16.scr
2009-08-10 19:45 . 2009-08-10 19:45 83456 --sh--r- c:\windows\system32\drivers\ZrxMgr.exe
2009-08-10 19:45 . 2009-08-10 19:45 83456 ----a-w- c:\windows\system32\71.scr
2009-08-10 19:44 . 2009-08-10 19:44 77824 --sh--r- c:\windows\msath32.exe
2009-08-10 19:44 . 2009-08-10 19:44 77824 ----a-w- c:\windows\system32\50.scr
2009-08-03 09:56 . 2009-08-03 09:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 09:56 . 2009-08-14 14:54 -------- d-----w- c:\documents and settings\Goga\Application Data\skypePM
2009-08-03 09:47 . 2009-08-14 14:55 -------- d-----w- c:\documents and settings\Goga\Application Data\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\program files\Common Files\Skype
2009-08-03 09:46 . 2009-08-03 09:47 -------- d-----r- c:\program files\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iPod
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iTunes
2009-08-01 16:46 . 2009-08-01 16:46 -------- d-----w- c:\program files\Bonjour
2009-08-01 16:37 . 2009-08-01 16:37 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-30 09:55 . 2009-07-30 09:55 -------- d--h--w- c:\windows\PIF
2009-07-29 14:13 . 2009-07-29 14:13 91700 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-29 14:13 . 2009-07-29 14:13 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-29 13:59 . 2009-07-29 14:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-27 07:38 . 2009-06-09 16:09 395768 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\sqlite3.dll
2009-07-27 07:38 . 2009-06-09 16:09 710136 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\mozcrt19.dll
2009-07-27 07:38 . 2009-07-27 07:38 2304000 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\WI93af.exe
2009-07-27 07:36 . 2009-07-27 07:38 -------- d-sh--w- c:\documents and settings\All Users\Application Data\93af25d
2009-07-24 08:06 . 2009-07-02 06:55 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-24 08:06 . 2009-07-02 06:55 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-24 08:06 . 2009-07-02 06:55 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-24 08:06 . 2009-07-02 06:55 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-24 08:06 . 2009-07-02 06:55 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-24 08:06 . 2009-07-02 06:55 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-24 08:06 . 2009-07-02 06:55 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-24 08:06 . 2009-07-02 06:55 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-24 08:06 . 2009-07-02 06:55 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-24 08:06 . 2009-07-02 06:55 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-24 08:06 . 2009-07-02 06:54 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-24 08:05 . 2009-07-02 06:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-24 08:05 . 2009-07-02 06:51 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 14:04 . 2009-08-18 14:04 86060 ----a-w- C:\2e1u6e7w9x2.exe
2009-08-18 14:04 . 2008-12-08 13:25 4937760 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-18 14:02 . 2008-12-08 13:25 152352 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-18 14:00 . 2008-12-08 13:25 59864 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-18 14:00 . 2008-12-08 13:25 15308 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 15:21 . 2009-01-29 10:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 14:45 . 2009-01-04 15:43 -------- d-----w- c:\documents and settings\Goga\Application Data\Apple Computer
2009-08-07 07:34 . 2009-01-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-03 19:44 . 2009-03-12 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-03 06:52 . 2009-03-12 18:08 -------- d-----w- c:\program files\NOS
2009-08-01 17:00 . 2009-03-23 09:34 -------- d-----w- c:\program files\Safari
2009-08-01 16:49 . 2009-01-04 15:40 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 14:00 . 2004-12-15 16:45 -------- d-----w- c:\program files\Yahoo!
2009-07-29 13:59 . 2004-12-15 16:37 -------- d-----w- c:\program files\Sony
2009-07-29 13:59 . 2004-12-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-07-29 13:58 . 2008-12-08 13:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-29 13:55 . 2008-12-06 15:50 -------- d-----w- c:\program files\MoodLogic
2009-07-29 13:54 . 2004-12-15 16:35 -------- d-----w- c:\program files\Java
2009-07-29 13:51 . 2009-05-15 09:16 -------- d-----w- c:\program files\Axis Communications
2009-07-29 13:50 . 2004-12-15 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:06 . 2008-12-08 13:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 06:55 . 2008-12-08 13:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 10:39 . 2009-01-03 15:37 -------- d-----w- c:\documents and settings\Goga\Application Data\Nokia Multimedia Player
2009-06-21 08:36 . 2008-12-06 17:23 58840 ----a-w- c:\documents and settings\Goga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 06:56 . 2009-06-19 06:56 292878 ----a-r- c:\documents and settings\Goga\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2009-06-19 06:25 . 2009-04-06 11:39 108341 ----a-w- c:\documents and settings\Goga\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2009-06-06 16:44 . 2009-06-06 16:44 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 12:39 . 2009-05-31 12:39 142336 ----a-w- c:\windows\system32\04.scr
2009-05-29 11:36 . 2009-06-06 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-06-06 16:54 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 07:19 . 2009-05-29 07:18 141454 ----a-w- c:\windows\system32\asr_41432.exe
2009-05-21 06:51 . 2008-12-08 13:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:01 . 2009-04-16 16:53 1205 ----a-w- c:\program files\URLLink.acsm
2009-01-04 15:39 . 2009-01-04 15:38 68756776 ----a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-25 167936]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"PrepareYourVAIO"="c:\program files\sony\Prepare your VAIO\PYVAlert.exe" [2004-09-09 106496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Microsoft Driver Setup"="c:\windows\system32\drivers\dllhost.exe" [2009-08-16 82944]
"netmon"="c:\windows\system\netmon.exe" [2009-08-11 71680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 06:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MRSVSS Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\mrsvss.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\71.scr"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\93af25d\\WI93af.exe"=
"c:\\WINDOWS\\system\\netmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 15:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 15:28 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 16:07 45627]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [14/12/2004 07:31 71961]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9de90fbe32e8;Google Update Service (gupdate1c9de90fbe32e8-);c:\program files\Google\Update\GoogleUpdate.exe [27/05/2009 07:57 133104]
S2 MRSVSS Service;MRSVSS Service;c:\windows\system\mrsvss.exe [22/06/2009 10:23 56320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-18 05:54]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 05:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-winsvc321 - winsvc32.exe
SafeBoot-netmon


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drenik.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYRS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-18 16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system\netmon.exe [2116] 0x85FE8880

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1436)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(1808-)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-18 16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 14:07

Pre-Run: 2,179,538,944 bytes free
Post-Run: 2,848,874,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /PAE /NoExecute=OptOut


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

While you were reading, did you notice that certain topics in the Ambulanta forum are marked as Important?

One such topic is this one: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

The topic's title is (believe it or not): How to open a topic in Ambulanta.

-------------------------------------------------------------------------------------

Now open that link, scroll down until you reach the section Step #3 (for 32-bit Windows): and follow the instructions for the Gmer program.

Also, decide on one antivirus and uninstall the other (I would recommend uninstalling AVG, since it appears to be damaged).

  • Joined: 18 Aug 2009
  • Posts: 5

dr_Bora, thank you very much :) I did everything according to the instructions, and here are the attached files:

As for the antivirus, AVG was removed from the list long ago - Control Panel, Add/Remove Programs - and the AVG folder (C:\Program Files) is empty, so I don't know a third way to remove the installation. I mean, given that it is still on the list of programs in the START menu...

:) waiting for further instructions...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
c:\windows\system32\drivers\dllhost.exe
c:\windows\system32\55.scr
c:\windows\system32\18.scr
c:\windows\system32\14.scr
c:\windows\system\netmon.exe
c:\windows\system32\06.scr
c:\windows\system32\43.scr
c:\windows\system32\16.scr
c:\windows\system32\drivers\ZrxMgr.exe
c:\windows\system32\71.scr
c:\windows\msath32.exe
c:\windows\system32\50.scr
C:\2e1u6e7w9x2.exe
c:\windows\system32\04.scr

Folder::
c:\documents and settings\All Users\Application Data\WINSSSys
c:\documents and settings\All Users\Application Data\93af25d

Driver::
MRSVSS Service

DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYRS

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=-
"netmon"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MRSVSS Service]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\mrsvss.exe"=-
"c:\\WINDOWS\\System32\\71.scr"=-
"c:\\Documents and Settings\\All Users\\Application Data\\93af25d\\WI93af.exe"=-
"c:\\WINDOWS\\system\\netmon.exe"=-



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is generated at the end of the cleaning/scanning.

  • Joined: 18 Aug 2009
  • Posts: 5

Done. Here is the scan result:
__________________

ComboFix 09-08-10.06 - Goga 19/08/2009 8:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.572 [GMT 2:00]
Running from: c:\documents and settings\Goga\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goga\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"C:\2e1u6e7w9x2.exe"
"c:\windows\msath32.exe"
"c:\windows\system\netmon.exe"
"c:\windows\system32\04.scr"
"c:\windows\system32\06.scr"
"c:\windows\system32\14.scr"
"c:\windows\system32\16.scr"
"c:\windows\system32\18.scr"
"c:\windows\system32\43.scr"
"c:\windows\system32\50.scr"
"c:\windows\system32\55.scr"
"c:\windows\system32\71.scr"
"c:\windows\system32\drivers\dllhost.exe"
"c:\windows\system32\drivers\ZrxMgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2e1u6e7w9x2.exe
c:\documents and settings\All Users\Application Data\93af25d
c:\documents and settings\All Users\Application Data\93af25d\BackUp\Acrobat Assistant.lnk
c:\documents and settings\All Users\Application Data\93af25d\mozcrt19.dll
c:\documents and settings\All Users\Application Data\93af25d\sqlite3.dll
c:\documents and settings\All Users\Application Data\93af25d\WI93af.exe
c:\documents and settings\All Users\Application Data\93af25d\WINSS.ico
c:\documents and settings\All Users\Application Data\93af25d\WINSSSys\vd952342.bd
c:\documents and settings\All Users\Application Data\WINSSSys
c:\windows\logfile32.txt
c:\windows\msath32.exe
c:\windows\system\netmon.exe
c:\windows\system32\04.scr
c:\windows\system32\06.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\18.scr
c:\windows\system32\43.scr
c:\windows\system32\50.scr
c:\windows\system32\55.scr
c:\windows\system32\71.scr
c:\windows\system32\drivers\dllhost.exe
c:\windows\system32\Drivers\sysdrv32.sys
c:\windows\system32\drivers\ZrxMgr.exe
c:\windows\system32\msvcrt2.dll
c:\windows\system32\sysmgr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRSVSS_SERVICE
-------\Legacy_SYSDRV32
-------\Service_MRSVSS Service
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-21 07:02 . 2009-07-31 20:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-08-17 15:21 . 2009-08-17 15:21 152576 ----a-w- c:\documents and settings\Goga\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 14:46 . 2009-08-13 14:46 49668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-03 09:56 . 2009-08-03 09:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 09:56 . 2009-08-18 14:37 -------- d-----w- c:\documents and settings\Goga\Application Data\skypePM
2009-08-03 09:47 . 2009-08-18 14:38 -------- d-----w- c:\documents and settings\Goga\Application Data\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\program files\Common Files\Skype
2009-08-03 09:46 . 2009-08-03 09:47 -------- d-----r- c:\program files\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iPod
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iTunes
2009-08-01 16:46 . 2009-08-01 16:46 -------- d-----w- c:\program files\Bonjour
2009-08-01 16:37 . 2009-08-01 16:37 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-30 09:55 . 2009-07-30 09:55 -------- d--h--w- c:\windows\PIF
2009-07-29 14:13 . 2009-07-29 14:13 91700 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-29 14:13 . 2009-07-29 14:13 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-29 13:59 . 2009-07-29 14:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-24 08:06 . 2009-07-02 06:55 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-24 08:06 . 2009-07-02 06:55 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-24 08:06 . 2009-07-02 06:55 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-24 08:06 . 2009-07-02 06:55 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-24 08:06 . 2009-07-02 06:55 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-24 08:06 . 2009-07-02 06:55 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-24 08:06 . 2009-07-02 06:55 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-24 08:06 . 2009-07-02 06:55 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-24 08:06 . 2009-07-02 06:55 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-24 08:06 . 2009-07-02 06:55 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-24 08:06 . 2009-07-02 06:54 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-24 08:05 . 2009-07-02 06:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-24 08:05 . 2009-07-02 06:51 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 07:06 . 2008-12-08 13:25 5107744 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-19 07:03 . 2008-12-08 13:25 158752 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-19 07:02 . 2008-12-08 13:25 61856 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-19 07:02 . 2008-12-08 13:25 15908 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 15:21 . 2009-01-29 10:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 14:45 . 2009-01-04 15:43 -------- d-----w- c:\documents and settings\Goga\Application Data\Apple Computer
2009-08-07 07:34 . 2009-01-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-03 19:44 . 2009-03-12 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-03 06:52 . 2009-03-12 18:08 -------- d-----w- c:\program files\NOS
2009-08-01 17:00 . 2009-03-23 09:34 -------- d-----w- c:\program files\Safari
2009-08-01 16:49 . 2009-01-04 15:40 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 14:00 . 2004-12-15 16:45 -------- d-----w- c:\program files\Yahoo!
2009-07-29 13:59 . 2004-12-15 16:37 -------- d-----w- c:\program files\Sony
2009-07-29 13:59 . 2004-12-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-07-29 13:58 . 2008-12-08 13:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-29 13:55 . 2008-12-06 15:50 -------- d-----w- c:\program files\MoodLogic
2009-07-29 13:54 . 2004-12-15 16:35 -------- d-----w- c:\program files\Java
2009-07-29 13:51 . 2009-05-15 09:16 -------- d-----w- c:\program files\Axis Communications
2009-07-29 13:50 . 2004-12-15 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:06 . 2008-12-08 13:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 06:55 . 2008-12-08 13:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 10:39 . 2009-01-03 15:37 -------- d-----w- c:\documents and settings\Goga\Application Data\Nokia Multimedia Player
2009-06-21 08:36 . 2008-12-06 17:23 58840 ----a-w- c:\documents and settings\Goga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 06:56 . 2009-06-19 06:56 292878 ----a-r- c:\documents and settings\Goga\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2009-06-19 06:25 . 2009-04-06 11:39 108341 ----a-w- c:\documents and settings\Goga\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2009-06-06 16:44 . 2009-06-06 16:44 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 11:36 . 2009-06-06 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-06-06 16:54 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 07:19 . 2009-05-29 07:18 141454 ----a-w- c:\windows\system32\asr_41432.exe
2009-04-16 17:01 . 2009-04-16 16:53 1205 ----a-w- c:\program files\URLLink.acsm
2009-01-04 15:39 . 2009-01-04 15:38 68756776 ----a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_14.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 07:03 . 2009-08-19 07:03 16384 c:\windows\Temp\Perflib_Perfdata_7d8.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 196608 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 196608 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-18 13:59 . 2009-08-18 13:59 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-18 13:59 . 2009-08-18 13:59 6422528 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 6422528 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-25 167936]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"PrepareYourVAIO"="c:\program files\sony\Prepare your VAIO\PYVAlert.exe" [2004-09-09 106496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 06:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 15:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 15:28 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 16:07 45627]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [14/12/2004 07:31 71961]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9de90fbe32e8;Google Update Service (gupdate1c9de90fbe32e8-);c:\program files\Google\Update\GoogleUpdate.exe [27/05/2009 07:57 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-18 05:54]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 05:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\sysmgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drenik.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-19 09:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1436)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3692)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-19 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 07:08
ComboFix2.txt 2009-08-18 14:07

Pre-Run: 2,836,914,176 bytes free
Post-Run: 2,784,333,824 bytes free

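As an added example (not code from this thread and not ComboFix's own logic), here is a small Python triage pass over ComboFix-style log lines. The sample lines are excerpted from the log posted above; the heuristics it applies are my own assumptions about what deserves a second look in such a log: numeric-named .scr files in system32, .exe files sitting in the drivers directory, Security Center notifications or product monitoring switched off, the Windows Firewall standard profile disabled, and ActiveX (DPF) downloads that point at a bare IP address rather than a hostname.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample for this example: lines excerpted verbatim from the
# ComboFix log posted above, plus one benign line (Skype) for contrast.
SAMPLE_LOG = r"""
c:\windows\system32\04.scr
c:\windows\system32\drivers\dllhost.exe
c:\windows\system32\Drivers\sysdrv32.sys
c:\windows\system32\drivers\ZrxMgr.exe
c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
"""

# Heuristics below are assumptions made for this example, not ComboFix rules.
NUMERIC_SCR = re.compile(r"^c:\\windows\\system32\\\d+\.scr$", re.I)
EXE_IN_DRIVERS = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.exe$", re.I)
# ComboFix defangs URLs as hxxp://; accept http:// too.
DPF_LINE = re.compile(r"^DPF:\s*\{[0-9A-F-]+\}\s*-\s*h(?:xx|tt)ps?://([^/\s]+)", re.I)
REG_KEY = re.compile(r"^\[(.+)\]$")
# Matches both  "Name"=dword:00000001  and ComboFix's  "Name"= 0 (0x0)  forms.
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9a-f]+)', re.I)


def triage(log_text):
    """Return a list of (tag, line) findings for lines worth a second look."""
    findings = []
    current_key = ""  # most recent [registry key] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NUMERIC_SCR.match(line):
            findings.append(("numeric_scr", line))
        elif EXE_IN_DRIVERS.match(line):
            findings.append(("exe_in_drivers", line))
        elif (m := REG_KEY.match(line)):
            current_key = m.group(1).lower()
        elif (m := REG_VALUE.match(line)):
            name, value = m.group(1).lower(), int(m.group(2), 16)
            if "security center\\monitoring" in current_key and name == "disablemonitoring" and value == 1:
                findings.append(("sc_monitoring_off", line))
            elif "security center" in current_key and name.endswith("disablenotify") and value == 1:
                findings.append(("sc_notify_off", line))
            elif "firewallpolicy\\" in current_key and name == "enablefirewall" and value == 0:
                findings.append(("firewall_off", line))
        elif (m := DPF_LINE.match(line)):
            host = m.group(1).split(":")[0]  # drop an optional :port
            try:
                ip_address(host)  # raises ValueError for a hostname
            except ValueError:
                continue
            findings.append(("dpf_bare_ip", line))
    return findings


def summarize(findings):
    """Count findings per tag, so one log can be compared with a later rescan."""
    return dict(Counter(tag for tag, _ in findings))


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:18} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

These heuristics flag lines, they do not convict them: a bare-IP DPF entry can be a legitimately self-hosted control (the AMC.cab here is most likely the Axis camera ActiveX, and the log's Find3M section shows Axis Communications installed on this machine), so each finding still needs a human look. Comparing `summarize()` output from the first log with a rescan after cleanup is a quick way to see whether the Security Center and firewall settings were actually restored rather than only the files removed.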

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Tools for uninstalling AV programs: http://www.mycity.rs/Antivirus-programi/Deinstalac.....grama.html

Remove AVG and KAV, then install an antivirus.

Once you've done that, report back on how things are.

offline
  • Joined: 18 Aug 2009
  • Posts: 5

dr_Bora, thank you very much. It seems everything is OK now :) all quiet :)
The only thing is that at startup it shows this message:
_______________________________________
Data Execution Prevention Microsoft Windows

To help protect Microsoft has closed this program.

Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation

Change message Close message
________________________________________

I don't know what that is, but everything else works and seems fine...
Thanks once again :)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search field if Run isn't available.

In the text entry field, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

For that message you're getting, open a thread in the Windows forum.

offline
  • Joined: 18 Aug 2009
  • Posts: 5

OK. Thanks :)
