Please help - infected computer

  • Joined: 18 Aug 2009
  • Posts: 5

Can anyone help? My computer is totally infected. It has Kaspersky and AVG installed, but the viruses have blocked them completely, so I can't even launch them... I read a bit of the advice you've given earlier and installed ComboFix so I could get a report... Maybe that wasn't smart?! Anyway, here is the report, so if anyone can help me...
Thanks!

_______________________________________

ComboFix 09-08-10.06 - 18/08/2009 15:51.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.486 [GMT 2:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\WINSSSys
c:\documents and settings\All Users\Application Data\WINSSSys\winss.cfg
c:\documents and settings\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Security Suite.lnk
c:\documents and settings\Application Data\Windows Security Suite
c:\documents and settings\Application Data\Windows Security Suite\cookies.sqlite
c:\documents and settings\Application Data\Windows Security Suite\Instructions.ini
c:\documents and settings\Desktop\Windows Security Suite.lnk
c:\documents and settings\Start Menu\Programs\Windows Security Suite.lnk
c:\documents and settings\Start Menu\Windows Security Suite.lnk
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\ScreenSaver\Images\00268E7B.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\temp.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00023DAB
c:\program files\MyWebSearch\bar\Cache\00052A53
c:\program files\MyWebSearch\bar\Cache\0006B691
c:\program files\MyWebSearch\bar\Cache\000E313D
c:\program files\MyWebSearch\bar\Cache\000E4235
c:\program files\MyWebSearch\bar\Cache\000E4E5A
c:\program files\MyWebSearch\bar\Cache\0026285F.bin
c:\program files\MyWebSearch\bar\Cache\0026458B.bin
c:\program files\MyWebSearch\bar\Cache\00266940.bin
c:\program files\MyWebSearch\bar\Cache\00267C2C.bin
c:\program files\MyWebSearch\bar\Cache\0026DDB5.bin
c:\program files\MyWebSearch\bar\Cache\0026F1C9.bin
c:\program files\MyWebSearch\bar\Cache\0027064B
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\recycler\S-1-5-21-2894442735-3484601868-1936406728-500
c:\windows\logfile32.txt
c:\windows\system32\drivers\lsass.exe
c:\windows\system32\Drivers\sysdrv32.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\wpv381229782905.cpx
c:\windows\system32\wpv811229782589.cpx
c:\windows\wiaserviv.log
c:\windows\winsvc32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WIN32X
-------\Service_sysdrv32
-------\Service_win32x


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-21 07:02 . 2009-07-31 20:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-08-18 14:00 . 2009-08-18 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WINSSSys
2009-08-17 15:21 . 2009-08-17 15:21 152576 ----a-w- c:\documents and settings\Goga\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-16 15:45 . 2009-08-16 15:45 82944 --sh--r- c:\windows\system32\drivers\dllhost.exe
2009-08-13 20:10 . 2009-08-13 20:10 76338 ----a-w- c:\windows\system32\55.scr
2009-08-13 14:46 . 2009-08-13 14:46 49668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 08:35 . 2009-08-12 08:35 86528 ----a-w- c:\windows\system32\18.scr
2009-08-12 08:35 . 2009-08-12 08:35 76338 ----a-w- c:\windows\system32\14.scr
2009-08-11 12:57 . 2009-08-11 12:57 71680 --sh--r- c:\windows\system\netmon.exe
2009-08-11 12:56 . 2009-08-11 12:57 71680 ----a-w- c:\windows\system32\06.scr
2009-08-11 12:43 . 2009-08-11 12:43 83456 ----a-w- c:\windows\system32\43.scr
2009-08-11 12:31 . 2009-08-11 12:31 76338 ----a-w- c:\windows\system32\16.scr
2009-08-10 19:45 . 2009-08-10 19:45 83456 --sh--r- c:\windows\system32\drivers\ZrxMgr.exe
2009-08-10 19:45 . 2009-08-10 19:45 83456 ----a-w- c:\windows\system32\71.scr
2009-08-10 19:44 . 2009-08-10 19:44 77824 --sh--r- c:\windows\msath32.exe
2009-08-10 19:44 . 2009-08-10 19:44 77824 ----a-w- c:\windows\system32\50.scr
2009-08-03 09:56 . 2009-08-03 09:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 09:56 . 2009-08-14 14:54 -------- d-----w- c:\documents and settings\Goga\Application Data\skypePM
2009-08-03 09:47 . 2009-08-14 14:55 -------- d-----w- c:\documents and settings\Goga\Application Data\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\program files\Common Files\Skype
2009-08-03 09:46 . 2009-08-03 09:47 -------- d-----r- c:\program files\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iPod
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iTunes
2009-08-01 16:46 . 2009-08-01 16:46 -------- d-----w- c:\program files\Bonjour
2009-08-01 16:37 . 2009-08-01 16:37 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-30 09:55 . 2009-07-30 09:55 -------- d--h--w- c:\windows\PIF
2009-07-29 14:13 . 2009-07-29 14:13 91700 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-29 14:13 . 2009-07-29 14:13 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-29 13:59 . 2009-07-29 14:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-27 07:38 . 2009-06-09 16:09 395768 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\sqlite3.dll
2009-07-27 07:38 . 2009-06-09 16:09 710136 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\mozcrt19.dll
2009-07-27 07:38 . 2009-07-27 07:38 2304000 ----a-w- c:\documents and settings\All Users\Application Data\93af25d\WI93af.exe
2009-07-27 07:36 . 2009-07-27 07:38 -------- d-sh--w- c:\documents and settings\All Users\Application Data\93af25d
2009-07-24 08:06 . 2009-07-02 06:55 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-24 08:06 . 2009-07-02 06:55 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-24 08:06 . 2009-07-02 06:55 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-24 08:06 . 2009-07-02 06:55 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-24 08:06 . 2009-07-02 06:55 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-24 08:06 . 2009-07-02 06:55 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-24 08:06 . 2009-07-02 06:55 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-24 08:06 . 2009-07-02 06:55 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-24 08:06 . 2009-07-02 06:55 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-24 08:06 . 2009-07-02 06:55 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-24 08:06 . 2009-07-02 06:54 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-24 08:05 . 2009-07-02 06:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-24 08:05 . 2009-07-02 06:51 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 14:04 . 2009-08-18 14:04 86060 ----a-w- C:\2e1u6e7w9x2.exe
2009-08-18 14:04 . 2008-12-08 13:25 4937760 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-18 14:02 . 2008-12-08 13:25 152352 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-18 14:00 . 2008-12-08 13:25 59864 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-18 14:00 . 2008-12-08 13:25 15308 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 15:21 . 2009-01-29 10:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 14:45 . 2009-01-04 15:43 -------- d-----w- c:\documents and settings\Goga\Application Data\Apple Computer
2009-08-07 07:34 . 2009-01-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-03 19:44 . 2009-03-12 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-03 06:52 . 2009-03-12 18:08 -------- d-----w- c:\program files\NOS
2009-08-01 17:00 . 2009-03-23 09:34 -------- d-----w- c:\program files\Safari
2009-08-01 16:49 . 2009-01-04 15:40 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 14:00 . 2004-12-15 16:45 -------- d-----w- c:\program files\Yahoo!
2009-07-29 13:59 . 2004-12-15 16:37 -------- d-----w- c:\program files\Sony
2009-07-29 13:59 . 2004-12-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-07-29 13:58 . 2008-12-08 13:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-29 13:55 . 2008-12-06 15:50 -------- d-----w- c:\program files\MoodLogic
2009-07-29 13:54 . 2004-12-15 16:35 -------- d-----w- c:\program files\Java
2009-07-29 13:51 . 2009-05-15 09:16 -------- d-----w- c:\program files\Axis Communications
2009-07-29 13:50 . 2004-12-15 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:06 . 2008-12-08 13:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 06:55 . 2008-12-08 13:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 10:39 . 2009-01-03 15:37 -------- d-----w- c:\documents and settings\Goga\Application Data\Nokia Multimedia Player
2009-06-21 08:36 . 2008-12-06 17:23 58840 ----a-w- c:\documents and settings\Goga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 06:56 . 2009-06-19 06:56 292878 ----a-r- c:\documents and settings\Goga\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2009-06-19 06:25 . 2009-04-06 11:39 108341 ----a-w- c:\documents and settings\Goga\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2009-06-06 16:44 . 2009-06-06 16:44 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 12:39 . 2009-05-31 12:39 142336 ----a-w- c:\windows\system32\04.scr
2009-05-29 11:36 . 2009-06-06 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-06-06 16:54 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 07:19 . 2009-05-29 07:18 141454 ----a-w- c:\windows\system32\asr_41432.exe
2009-05-21 06:51 . 2008-12-08 13:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:01 . 2009-04-16 16:53 1205 ----a-w- c:\program files\URLLink.acsm
2009-01-04 15:39 . 2009-01-04 15:38 68756776 ----a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-25 167936]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"PrepareYourVAIO"="c:\program files\sony\Prepare your VAIO\PYVAlert.exe" [2004-09-09 106496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Microsoft Driver Setup"="c:\windows\system32\drivers\dllhost.exe" [2009-08-16 82944]
"netmon"="c:\windows\system\netmon.exe" [2009-08-11 71680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 06:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MRSVSS Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\mrsvss.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\71.scr"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\93af25d\\WI93af.exe"=
"c:\\WINDOWS\\system\\netmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 15:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 15:28 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 16:07 45627]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [14/12/2004 07:31 71961]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9de90fbe32e8;Google Update Service (gupdate1c9de90fbe32e8-);c:\program files\Google\Update\GoogleUpdate.exe [27/05/2009 07:57 133104]
S2 MRSVSS Service;MRSVSS Service;c:\windows\system\mrsvss.exe [22/06/2009 10:23 56320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-18 05:54]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 05:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-winsvc321 - winsvc32.exe
SafeBoot-netmon


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drenik.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYRS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-18 16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system\netmon.exe [2116] 0x85FE8880

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1436)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(1808-)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-18 16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 14:07

Pre-Run: 2,179,538,944 bytes free
Post-Run: 2,848,874,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /PAE /NoExecute=OptOut


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


While you were reading, did you notice that certain topics in the Ambulanta forum are marked Important?

One of those topics is this one: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

The topic's title is (believe it or not): How to open a topic in Ambulanta (Kako otvoriti temu u Ambulanti).

-------------------------------------------------------------------------------------

Now open that link, scroll down until you reach the section Step #3 (for 32-bit Windows): and follow the instructions for the Gmer program.


Also, decide on one antivirus and uninstall the other one (I would recommend uninstalling AVG, since it appears to be damaged).

  • Joined: 18 Aug 2009
  • Posts: 5

dr_Bora, thank you very much :) I did everything per the instructions, and here are the attached files:

(three attachments, login required: mycity.rs/must-login.png)

As for the antivirus, AVG was removed from the list long ago - Control Panel, Add/Remove Programs - and the AVG folder (C:\Program Files) is empty, so I don't know a third way to remove the installation. I mean, given that it is still in the program list in the START menu...

:) awaiting further instructions...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:


File::
c:\windows\system32\drivers\dllhost.exe
c:\windows\system32\55.scr
c:\windows\system32\18.scr
c:\windows\system32\14.scr
c:\windows\system\netmon.exe
c:\windows\system32\06.scr
c:\windows\system32\43.scr
c:\windows\system32\16.scr
c:\windows\system32\drivers\ZrxMgr.exe
c:\windows\system32\71.scr
c:\windows\msath32.exe
c:\windows\system32\50.scr
C:\2e1u6e7w9x2.exe
c:\windows\system32\04.scr

Folder::
c:\documents and settings\All Users\Application Data\WINSSSys
c:\documents and settings\All Users\Application Data\93af25d

Driver::
MRSVSS Service

DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYRS

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=-
"netmon"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MRSVSS Service]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\mrsvss.exe"=-
"c:\\WINDOWS\\System32\\71.scr"=-
"c:\\Documents and Settings\\All Users\\Application Data\\93af25d\\WI93af.exe"=-
"c:\\WINDOWS\\system\\netmon.exe"=-



Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

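Added example (not part of the original thread and not ComboFix's own code): a small Python triage helper that reads the Run-key and firewall-exception sections of a ComboFix log, flags entries whose path lands in the kinds of locations the CFScript above targets (the legacy c:\windows\system folder, numeric-named .scr files in system32, PE executables inside the drivers folder, hex-named folders under All Users\Application Data), and renders the flagged entries as the Registry:: section of a CFScript in the same "name"=- form used in this thread. The sample log text (SAMPLE_LOG) is constructed from values in this thread, and the rule list, along with the function names triage, classify and registry_section, is this example's own heuristic, not anything ComboFix itself does.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section
# (Run keys) and its firewall AuthorizedApplications list; values are modelled
# on the log posted above. This is not a real log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Microsoft Driver Setup"="c:\windows\system32\drivers\dllhost.exe" [2009-08-16 82944]
"netmon"="c:\windows\system\netmon.exe" [2009-08-11 71680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\mrsvss.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\71.scr"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\93af25d\\WI93af.exe"=
"""

# Heuristic location rules (this example's own, not ComboFix's). Each rule is
# matched against the lower-cased path with single backslashes.
SUSPICIOUS_PATH_RULES = [
    ("executable directly under the Windows root",
     re.compile(r"^c:\\windows\\[^\\]+\.(exe|dll|scr)$")),
    ("executable in the legacy c:\\windows\\system folder",
     re.compile(r"^c:\\windows\\system\\[^\\]+\.(exe|dll|scr)$")),
    ("numeric-named screensaver in system32",
     re.compile(r"^c:\\windows\\system32\\\d+\.scr$")),
    ("PE executable inside the drivers folder (normally holds .sys only)",
     re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.(exe|dll|scr)$")),
    ("executable in a hex-named folder under All Users\\Application Data",
     re.compile(r"^c:\\documents and settings\\all users\\application data\\[0-9a-f]{6,}\\[^\\]+\.exe$")),
]

# Line shapes found in the log: a key header, a Run value, a firewall exception.
KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=\s*$')


def normalise(path):
    """Collapse REGEDIT4-style doubled backslashes and lower-case the path."""
    return path.replace("\\\\", "\\").lower()


def classify(path):
    """Return the rule label the path matches, or None if it looks benign."""
    p = normalise(path)
    for label, rx in SUSPICIOUS_PATH_RULES:
        if rx.match(p):
            return label
    return None


def triage(log_text):
    """Return (registry_key, value_name, normalised_path, reason) for every
    Run-key or firewall-exception entry that matches a suspicious-location rule."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = RUN_ENTRY.match(line)
        if m:
            reason = classify(m.group("path"))
            if reason:
                findings.append((key, m.group("name"), normalise(m.group("path")), reason))
            continue
        m = FW_ENTRY.match(line)
        if m and key.lower().endswith("authorizedapplications\\list"):
            reason = classify(m.group("path"))
            if reason:
                # The firewall list is keyed by the (escaped) path itself.
                findings.append((key, m.group("path"), normalise(m.group("path")), reason))
    return findings


def registry_section(findings):
    """Render flagged entries as a CFScript Registry:: section, one header per key."""
    lines = ["Registry::"]
    current = None
    for key, name, _path, _reason in findings:
        if key != current:
            lines.append(f"[{key}]")
            current = key
        lines.append(f'"{name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    for key, name, path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {name} -> {path}")
    print()
    print(registry_section(triage(SAMPLE_LOG)))
```

The output is a starting point for review, not a verdict: a helper like this only says where an autostart points, and an entry in an odd location still has to be confirmed (file timestamps, size, vendor signature) before it goes into a removal script, exactly as the thread's script was built from the full log rather than from the Run keys alone.
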
  • Joined: 18 Aug 2009
  • Posts: 5

Done. Here is the scan result
__________________

ComboFix 09-08-10.06 - Goga 19/08/2009 8:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.572 [GMT 2:00]
Running from: c:\documents and settings\Goga\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goga\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"C:\2e1u6e7w9x2.exe"
"c:\windows\msath32.exe"
"c:\windows\system\netmon.exe"
"c:\windows\system32\04.scr"
"c:\windows\system32\06.scr"
"c:\windows\system32\14.scr"
"c:\windows\system32\16.scr"
"c:\windows\system32\18.scr"
"c:\windows\system32\43.scr"
"c:\windows\system32\50.scr"
"c:\windows\system32\55.scr"
"c:\windows\system32\71.scr"
"c:\windows\system32\drivers\dllhost.exe"
"c:\windows\system32\drivers\ZrxMgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2e1u6e7w9x2.exe
c:\documents and settings\All Users\Application Data\93af25d
c:\documents and settings\All Users\Application Data\93af25d\BackUp\Acrobat Assistant.lnk
c:\documents and settings\All Users\Application Data\93af25d\mozcrt19.dll
c:\documents and settings\All Users\Application Data\93af25d\sqlite3.dll
c:\documents and settings\All Users\Application Data\93af25d\WI93af.exe
c:\documents and settings\All Users\Application Data\93af25d\WINSS.ico
c:\documents and settings\All Users\Application Data\93af25d\WINSSSys\vd952342.bd
c:\documents and settings\All Users\Application Data\WINSSSys
c:\windows\logfile32.txt
c:\windows\msath32.exe
c:\windows\system\netmon.exe
c:\windows\system32\04.scr
c:\windows\system32\06.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\18.scr
c:\windows\system32\43.scr
c:\windows\system32\50.scr
c:\windows\system32\55.scr
c:\windows\system32\71.scr
c:\windows\system32\drivers\dllhost.exe
c:\windows\system32\Drivers\sysdrv32.sys
c:\windows\system32\drivers\ZrxMgr.exe
c:\windows\system32\msvcrt2.dll
c:\windows\system32\sysmgr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRSVSS_SERVICE
-------\Legacy_SYSDRV32
-------\Service_MRSVSS Service
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-21 07:02 . 2009-07-31 20:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-08-17 15:21 . 2009-08-17 15:21 152576 ----a-w- c:\documents and settings\Goga\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 14:46 . 2009-08-13 14:46 49668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-03 09:56 . 2009-08-03 09:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-03 09:56 . 2009-08-18 14:37 -------- d-----w- c:\documents and settings\Goga\Application Data\skypePM
2009-08-03 09:47 . 2009-08-18 14:38 -------- d-----w- c:\documents and settings\Goga\Application Data\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\program files\Common Files\Skype
2009-08-03 09:46 . 2009-08-03 09:47 -------- d-----r- c:\program files\Skype
2009-08-03 09:46 . 2009-08-03 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iPod
2009-08-01 16:49 . 2009-08-01 16:49 -------- d-----w- c:\program files\iTunes
2009-08-01 16:46 . 2009-08-01 16:46 -------- d-----w- c:\program files\Bonjour
2009-08-01 16:37 . 2009-08-01 16:37 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-30 09:55 . 2009-07-30 09:55 -------- d--h--w- c:\windows\PIF
2009-07-29 14:13 . 2009-07-29 14:13 91700 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-29 14:13 . 2009-07-29 14:13 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-29 14:12 . 2009-07-29 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-29 13:59 . 2009-07-29 14:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-24 08:06 . 2009-07-02 06:55 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-24 08:06 . 2009-07-02 06:55 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-24 08:06 . 2009-07-02 06:55 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-24 08:06 . 2009-07-02 06:55 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-24 08:06 . 2009-07-02 06:55 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-24 08:06 . 2009-07-02 06:55 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-24 08:06 . 2009-07-02 06:55 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-24 08:06 . 2009-07-02 06:55 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-24 08:06 . 2009-07-02 06:55 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-24 08:06 . 2009-07-02 06:55 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-24 08:06 . 2009-07-02 06:54 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-24 08:05 . 2009-07-02 06:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-24 08:05 . 2009-07-02 06:51 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 07:06 . 2008-12-08 13:25 5107744 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-19 07:03 . 2008-12-08 13:25 158752 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-19 07:02 . 2008-12-08 13:25 61856 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-19 07:02 . 2008-12-08 13:25 15908 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 15:21 . 2009-01-29 10:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 14:45 . 2009-01-04 15:43 -------- d-----w- c:\documents and settings\Goga\Application Data\Apple Computer
2009-08-07 07:34 . 2009-01-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-03 19:44 . 2009-03-12 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-03 06:52 . 2009-03-12 18:08 -------- d-----w- c:\program files\NOS
2009-08-01 17:00 . 2009-03-23 09:34 -------- d-----w- c:\program files\Safari
2009-08-01 16:49 . 2009-01-04 15:40 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 14:00 . 2004-12-15 16:45 -------- d-----w- c:\program files\Yahoo!
2009-07-29 13:59 . 2004-12-15 16:37 -------- d-----w- c:\program files\Sony
2009-07-29 13:59 . 2004-12-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-07-29 13:58 . 2008-12-08 13:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-29 13:55 . 2008-12-06 15:50 -------- d-----w- c:\program files\MoodLogic
2009-07-29 13:54 . 2004-12-15 16:35 -------- d-----w- c:\program files\Java
2009-07-29 13:51 . 2009-05-15 09:16 -------- d-----w- c:\program files\Axis Communications
2009-07-29 13:50 . 2004-12-15 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:06 . 2008-12-08 13:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 06:55 . 2008-12-08 13:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 10:39 . 2009-01-03 15:37 -------- d-----w- c:\documents and settings\Goga\Application Data\Nokia Multimedia Player
2009-06-21 08:36 . 2008-12-06 17:23 58840 ----a-w- c:\documents and settings\Goga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 06:56 . 2009-06-19 06:56 292878 ----a-r- c:\documents and settings\Goga\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2009-06-19 06:25 . 2009-04-06 11:39 108341 ----a-w- c:\documents and settings\Goga\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2009-06-06 16:44 . 2009-06-06 16:44 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 11:36 . 2009-06-06 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-06-06 16:54 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 07:19 . 2009-05-29 07:18 141454 ----a-w- c:\windows\system32\asr_41432.exe
2009-04-16 17:01 . 2009-04-16 16:53 1205 ----a-w- c:\program files\URLLink.acsm
2009-01-04 15:39 . 2009-01-04 15:38 68756776 ----a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_14.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 07:03 . 2009-08-19 07:03 16384 c:\windows\Temp\Perflib_Perfdata_7d8.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 196608 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-18 13:59 . 2009-08-18 13:59 196608 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-19 07:01 . 2009-08-19 07:01 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-18 13:59 . 2009-08-18 13:59 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-18 13:59 . 2009-08-18 13:59 6422528 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-19 07:01 . 2009-08-19 07:01 6422528 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-23 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-25 167936]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"PrepareYourVAIO"="c:\program files\sony\Prepare your VAIO\PYVAlert.exe" [2004-09-09 106496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 06:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 15:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 15:28 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 16:07 45627]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [14/12/2004 07:31 71961]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9de90fbe32e8;Google Update Service (gupdate1c9de90fbe32e8-);c:\program files\Google\Update\GoogleUpdate.exe [27/05/2009 07:57 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-18 05:54]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 05:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\sysmgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drenik.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-19 09:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1436)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3692)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-19 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 07:08
ComboFix2.txt 2009-08-18 14:07

Pre-Run: 2,836,914,176 bytes free
Post-Run: 2,784,333,824 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Tools for uninstalling AV programs: http://www.mycity.rs/Antivirus-programi/Deinstalac.....grama.html

Remove AVG and KAV, and then install an antivirus.

When you have done that, let me know what the situation is now.

  • Joined: 18 Aug 2009
  • Posts: 5

dr_Bora, thank you very much. It seems everything is OK now :) all quiet :)
The only thing is that at startup it shows this message:
_______________________________________
Data Execution Prevention Microsoft Windows

To help protect Microsoft has closed this program.

Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation

Change message Close message
________________________________________

I don't know what that is, but everything else works and sounds OK...
Thanks once again :)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

For that message that keeps appearing, open a topic in the Windows forum.

  • Joined: 18 Aug 2009
  • Posts: 5

OK, thanks :)
