Sites with AV programs won't open


  • Joined: 04 Oct 2005
  • Posts: 47

I can't get onto any site like kaspersky, nod32, avast..... I tried from several browsers, but it won't work.
When I go online, I constantly have some traffic, something is constantly being received and sent even though all my browsers are closed. At the same time I don't have any automatic update turned on, at least I don't see one.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Dragana at 13:13:59.84 on Sun 12/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1220 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -kbdx
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LifeView TVR\RecSche.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LifeView TVR\remote.exe
C:\Documents and Settings\Skundric Dragana\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Remote] "c:\program files\lifeview tvr\remote.exe"
mRun: [RecSche] "c:\program files\lifeview tvr\RecSche.exe"
mRun: [WinDVRCtrl] c:\windows\WDVRCtrl.exe
mRun: [ScanRegistry] C:\W
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [CnxDslTaskBar] "c:\program files\conexant\accessrunner adsl\CnxDslTb.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\skundr~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {4B324742-EF4B-42AF-ABCF-EF3C77FC313A} = 194.106.162.10 194.106.162.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\skundr~1\applic~1\mozilla\firefox\profiles\gwfyzs3u.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-28 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-28 5248]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2009-12-1 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2009-12-1 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2009-12-1 108675]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2009-11-28 892032]
S2 fcrgl;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\everestultimate530\kerneld.wnt --> c:\everestultimate530\kerneld.wnt [?]

=============== Created Last 30 ================

2009-12-25 11:32:29 0 d-----w- c:\docume~1\skundr~1\applic~1\RapidTyping
2009-12-25 11:32:24 0 d-----w- c:\docume~1\alluse~1\applic~1\RapidTyping
2009-12-24 12:22:18 0 d-----w- c:\program files\IrfanView
2009-12-24 12:18:17 69 ----a-w- c:\windows\NeroDigital.ini
2009-12-24 12:09:31 0 d-----w- c:\program files\AskBarDis
2009-12-24 12:09:05 0 d-----w- c:\docume~1\skundr~1\applic~1\Foxit
2009-12-24 12:09:04 0 d-----w- c:\program files\Foxit Software
2009-12-24 11:28:08 0 d-----w- c:\docume~1\skundr~1\applic~1\OpenOffice.org
2009-12-24 11:26:32 0 d-----w- c:\program files\JRE
2009-12-24 11:26:27 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-22 21:38:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-22 21:38:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-21 12:34:56 176 ----a-w- c:\windows\wordtran.ini
2009-12-21 12:19:22 545 ----a-w- c:\windows\UC.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\RAR.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\LHA.PIF
2009-12-21 12:19:22 545 ----a-w- c:\windows\ARJ.PIF
2009-12-21 12:19:22 0 d-----w- c:\program files\totalcmd
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 17:05:19 0 d-----w- c:\docume~1\skundr~1\applic~1\Malwarebytes
2009-12-10 17:05:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 17:05:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 17:05:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 17:05:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-10 17:00:49 4844296 ----a-w- c:\program files\mbam-setup.exe
2009-12-06 00:20:08 0 d-----w- c:\program files\everestultimate530
2009-12-03 09:23:54 0 d-s---w- c:\documents and settings\skundric dragana\UserData
2009-12-02 18:40:26 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-02 18:40:26 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-02 18:19:19 9728 ----a-w- c:\windows\system32\MICM___U.DLL
2009-12-02 18:19:19 90112 ----a-w- c:\windows\system32\MLMON__U.DLL
2009-12-02 18:19:19 61 ----a-w- c:\windows\system32\MSEP01_U.SEP
2009-12-02 18:19:19 51200 ----a-w- c:\windows\system32\MSPOOL_U.DLL
2009-12-02 18:19:19 49152 ----a-w- c:\windows\system32\MINFIN_U.EXE
2009-12-02 18:19:19 45056 ----a-w- c:\windows\system32\MSHRES_U.DLL
2009-12-02 18:19:19 376832 ----a-w- c:\windows\system32\MSMCML_U.DLL
2009-12-02 18:19:19 23552 ----a-w- c:\windows\system32\MGDI32_U.DLL
2009-12-02 18:19:19 20436 ----a-w- c:\windows\MSUMLT_U.INI
2009-12-02 18:19:19 19456 ----a-w- c:\windows\system32\MTAG32_U.DLL
2009-12-02 18:19:19 13312 ----a-w- c:\windows\system32\MIMF32_U.DLL
2009-12-02 18:19:18 36864 ----a-w- c:\windows\system32\MCMM___U.DLL
2009-12-02 18:19:14 0 d-----w- c:\program files\KONICA MINOLTA
2009-12-02 09:46:43 0 d-----w- c:\windows\system32\NtmsData
2009-12-01 22:04:03 60288 ----a-r- c:\windows\system32\drivers\CnxEtP.sys
2009-12-01 22:04:03 163840 ----a-r- c:\windows\system32\CnxHwIo.dll
2009-12-01 22:04:03 108675 ----a-r- c:\windows\system32\drivers\CnxTgN.sys
2009-12-01 22:04:03 0 d-----w- c:\program files\Conexant
2009-12-01 22:03:48 118784 ----a-r- c:\windows\system32\CnxMfdCo.dll
2009-12-01 22:03:48 118784 ----a-r- c:\windows\system32\CnxClsCo.dll
2009-12-01 22:03:47 646784 ----a-r- c:\windows\system32\drivers\CnxEtU.sys
2009-11-30 19:03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-11-30 17:31:13 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-30 17:31:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-30 17:31:00 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-30 17:31:00 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-30 17:27:05 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-30 17:27:05 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-30 17:26:54 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-11-30 17:26:54 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-11-30 17:26:54 10496 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-11-30 17:26:53 0 d-----w- c:\program files\VIA Technologies, Inc
2009-11-30 17:26:41 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 17:25:28 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-30 17:25:28 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-30 17:25:24 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-30 17:25:24 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-30 17:25:01 57600 -c--a-w- c:\windows\system32\dllcache\usbhub.sys
2009-11-30 17:25:01 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-11-30 11:02:07 1383 ----a-w- c:\windows\WINCMD.INI
2009-11-30 08:18:33 0 d-----w- c:\windows\pss
2009-11-28 14:49:40 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2009-11-28 14:46:55 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-11-28 14:42:29 0 d-----w- c:\docume~1\skundr~1\applic~1\BitDefender
2009-11-28 14:42:12 0 d-----w- c:\program files\BitDefender
2009-11-28 14:42:12 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-11-28 14:41:52 0 d-----w- c:\program files\common files\BitDefender
2009-11-28 14:19:56 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-11-28 14:12:47 0 d-----w- c:\docume~1\skundr~1\applic~1\ACD Systems
2009-11-28 14:12:30 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-11-28 14:12:29 0 d-----w- c:\program files\common files\ACD Systems
2009-11-28 14:12:29 0 d-----w- c:\program files\ACD Systems
2009-11-28 14:11:49 0 d-----w- c:\program files\PhotoFiltre
2009-11-28 14:10:39 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-11-28 14:10:39 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-11-28 14:10:39 0 d-----w- c:\windows\system32\Lang
2009-11-28 13:22:23 0 d-----w- c:\program files\GameHouse
2009-11-28 13:20:31 0 d-----w- c:\program files\YouTube Downloader
2009-11-28 13:19:05 0 d-----w- c:\program files\Skype
2009-11-28 13:10:57 0 d-----w- c:\program files\Nero
2009-11-28 13:07:12 0 d-----w- c:\program files\D-Tools
2009-11-28 13:06:19 0 d-----w- c:\program files\common files\ODBC
2009-11-28 13:06:17 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-28 13:05:57 0 d-----r- c:\documents and settings\all users\Documents
2009-11-28 13:02:22 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 12:56:31 0 d-----w- c:\program files\ffdshow
2009-11-28 12:56:20 0 d-----w- c:\program files\AC3Filter
2009-11-28 12:55:47 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-28 12:49:46 0 d-----w- c:\program files\Teletext
2009-11-28 12:49:06 0 d-----w- c:\program files\LifeView TVR
2009-11-28 12:37:48 0 d-----w- c:\program files\Realtek
2009-11-28 12:15:18 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-28 12:15:04 0 d--h--w- c:\program files\WindowsUpdate
2009-11-28 12:14:20 0 d-----w- c:\program files\common files\MSSoap
2009-11-28 12:13:19 0 d-----w- c:\program files\Online Services
2009-11-28 12:13:15 0 d-----w- c:\program files\Messenger
2009-11-28 12:13:12 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-28 12:12:41 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-28 12:46:56 892032 ----a-w- c:\windows\system32\drivers\LVHybrid.sys
2009-11-28 12:46:56 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2009-11-28 12:37:37 315392 ----a-w- c:\windows\HideWin.exe
2009-11-28 12:13:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-13 22:57:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57:16 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-11-13 22:57:16 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-13 22:57:16 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2004-08-03 22:56:44 166555 --sha-r- c:\windows\system32\jmuemps.dll

============= FINISH: 13:14:21.04 ===============


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • ask/display a number of questions/notifications: accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

  • Joined: 04 Oct 2005
  • Posts: 47

ComboFix 09-12-26.04 - Dragana 12/27/2009 14:10:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1755 [GMT 1:00]
Running from: c:\documents and settings\ Dragana\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\34CoInstaller.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-26 23:10 . 2009-12-26 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\documents and settings\ Dragana\Application Data\RapidTyping
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidTyping
2009-12-24 12:22 . 2009-12-24 12:22 -------- d-----w- c:\program files\IrfanView
2009-12-24 12:13 . 2009-12-24 12:22 -------- d-----w- c:\program files\Google
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\program files\AskBarDis
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Foxit
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\program files\Foxit Software
2009-12-24 11:29 . 2009-12-24 11:29 1 ----a-w- c:\documents and settings\ Dragana\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-24 11:28 . 2009-12-24 11:28 -------- d-----w- c:\documents and settings\ Dragana\Application Data\OpenOffice.org
2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\program files\JRE
2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-22 21:38 . 2009-12-22 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 21:38 . 2009-12-24 11:26 -------- d-----w- c:\program files\Java
2009-12-22 21:37 . 2009-12-22 21:37 152576 ----a-w- c:\documents and settings\ Dragana\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 21:34 . 2009-12-22 21:34 79488 ----a-w- c:\documents and settings\ Dragana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Downloaded Installations
2009-12-21 12:19 . 2009-12-21 12:19 -------- d-----w- c:\program files\totalcmd
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\UC.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\RAR.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\LHA.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\ARJ.PIF
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Malwarebytes
2009-12-10 17:05 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-10 17:05 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 17:00 . 2009-12-10 17:02 4844296 ----a-w- c:\program files\mbam-setup.exe
2009-12-06 00:20 . 2009-12-07 09:20 -------- d-----w- c:\program files\everestultimate530
2009-12-03 09:31 . 2009-12-24 12:14 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Google
2009-12-03 09:31 . 2009-08-13 14:40 43008 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-03 09:31 . 2009-08-13 14:39 340480 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-03 09:31 . 2009-08-13 14:39 346112 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-03 09:23 . 2009-12-03 09:23 -------- d-s---w- c:\documents and settings\ Dragana\UserData
2009-12-02 18:40 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-02 18:40 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-02 18:19 . 2005-05-24 12:02 45056 ----a-w- c:\windows\system32\MSHRES_U.DLL
2009-12-02 18:19 . 2005-05-24 11:47 90112 ----a-w- c:\windows\system32\MLMON__U.DLL
2009-12-02 18:19 . 2005-03-15 10:13 49152 ----a-w- c:\windows\system32\MINFIN_U.EXE
2009-12-02 18:19 . 2005-03-15 10:12 9728 ----a-w- c:\windows\system32\MICM___U.DLL
2009-12-02 18:19 . 2005-03-15 10:10 13312 ----a-w- c:\windows\system32\MIMF32_U.DLL
2009-12-02 18:19 . 2005-03-15 10:10 10752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\MIMFPR_U.DLL
2009-12-02 18:19 . 2005-03-15 10:09 23552 ----a-w- c:\windows\system32\MGDI32_U.DLL
2009-12-02 18:19 . 2004-07-08 15:10 51200 ----a-w- c:\windows\system32\MSPOOL_U.DLL
2009-12-02 18:19 . 2004-07-08 15:09 19456 ----a-w- c:\windows\system32\MTAG32_U.DLL
2009-12-02 18:19 . 2004-05-14 14:23 376832 ----a-w- c:\windows\system32\MSMCML_U.DLL
2009-12-02 18:19 . 2005-03-15 10:12 36864 ----a-w- c:\windows\system32\MCMM___U.DLL
2009-12-02 18:19 . 2009-12-02 18:19 -------- d-----w- c:\program files\KONICA MINOLTA
2009-12-02 09:46 . 2009-12-02 09:47 -------- d-----w- c:\windows\system32\NtmsData
2009-12-01 22:04 . 2009-12-01 22:04 -------- d-----w- c:\program files\Conexant
2009-12-01 22:04 . 2003-10-29 07:07 163840 ----a-r- c:\windows\system32\CnxHwIo.dll
2009-12-01 22:04 . 2003-10-29 07:02 108675 ----a-r- c:\windows\system32\drivers\CnxTgN.sys
2009-12-01 22:04 . 2003-09-12 02:26 60288 ----a-r- c:\windows\system32\drivers\CnxEtP.sys
2009-12-01 22:03 . 2002-08-06 06:59 118784 ----a-r- c:\windows\system32\CnxMfdCo.dll
2009-12-01 22:03 . 2001-10-03 06:08 118784 ----a-r- c:\windows\system32\CnxClsCo.dll
2009-12-01 22:03 . 2003-09-12 02:26 646784 ----a-r- c:\windows\system32\drivers\CnxEtU.sys
2009-11-30 19:03 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-11-30 17:31 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-30 17:31 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-30 17:31 . 2004-08-03 21:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-30 17:31 . 2004-08-03 21:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-30 17:27 . 2004-08-03 23:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-30 17:27 . 2004-08-03 23:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-30 17:26 . 2003-02-06 10:07 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-11-30 17:26 . 2002-11-13 09:34 10496 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-11-30 17:26 . 2002-10-24 08:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-11-30 17:26 . 2009-11-30 17:26 -------- d-----w- c:\program files\VIA Technologies, Inc
2009-11-30 17:26 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 17:25 . 2001-08-17 13:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-30 17:25 . 2001-08-17 13:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-30 17:25 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-30 17:25 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-30 17:25 . 2004-08-03 22:08 57600 -c--a-w- c:\windows\system32\dllcache\usbhub.sys
2009-11-30 17:25 . 2004-08-03 22:08 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-11-30 13:45 . 2009-12-02 18:42 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Help
2009-11-30 10:54 . 2009-11-30 10:54 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Opera
2009-11-28 15:11 . 2009-11-28 15:11 -------- d-----w- c:\documents and settings\ Dragana\Application Data\CyberLink
2009-11-28 15:11 . 2009-11-28 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-28 14:42 . 2009-11-28 14:42 -------- d-----w- c:\documents and settings\ Dragana\Application Data\BitDefender
2009-11-28 14:42 . 2009-11-28 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-11-28 14:42 . 2009-11-28 14:42 -------- d-----w- c:\program files\BitDefender
2009-11-28 14:41 . 2009-11-28 14:42 -------- d-----w- c:\program files\Common Files\BitDefender
2009-11-28 14:19 . 2009-11-28 14:19 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\ACDSee
2009-11-28 14:12 . 2009-11-28 14:17 -------- d-----w- c:\documents and settings\ Dragana\Application Data\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\program files\ACD Systems
2009-11-28 14:11 . 2009-12-07 09:19 -------- d-----w- c:\program files\PhotoFiltre
2009-11-28 14:10 . 2009-11-28 14:10 -------- d-----w- c:\windows\system32\Lang

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:07 . 2009-11-28 12:20 22032 ----a-w- c:\documents and settings\ Dragana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 16:59 . 2009-11-28 13:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-01 23:11 . 2009-11-28 13:20 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Skype
2009-11-30 17:17 . 2009-11-28 12:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 13:23 . 2009-11-28 13:22 -------- d-----w- c:\program files\GameHouse
2009-11-28 13:20 . 2009-11-28 13:20 -------- d-----w- c:\program files\YouTube Downloader
2009-11-28 13:19 . 2009-11-28 13:19 -------- d-----w- c:\program files\Skype
2009-11-28 13:19 . 2009-11-28 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-28 13:19 . 2009-11-28 13:19 -------- d-----w- c:\program files\Common Files\Skype
2009-11-28 13:18 . 2009-11-28 13:18 0 ----a-w- c:\windows\nsreg.dat
2009-11-28 13:17 . 2009-11-28 13:17 -------- d-----w- c:\program files\Opera
2009-11-28 13:16 . 2009-11-28 13:13 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Winamp
2009-11-28 13:16 . 2009-11-28 13:13 -------- d-----w- c:\program files\Winamp
2009-11-28 13:12 . 2009-11-28 13:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-28 13:11 . 2009-11-28 13:11 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Ahead
2009-11-28 13:10 . 2009-11-28 13:10 -------- d-----w- c:\program files\Nero
2009-11-28 13:07 . 2009-11-28 13:07 -------- d-----w- c:\program files\D-Tools
2009-11-28 13:02 . 2009-11-28 13:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 13:02 . 2009-11-28 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-11-28 13:01 . 2009-11-28 13:01 -------- d-----w- c:\program files\CyberLink
2009-11-28 13:01 . 2009-11-28 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 13:01 . 2009-11-28 12:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 12:56 . 2009-11-28 12:56 -------- d-----w- c:\program files\ffdshow
2009-11-28 12:56 . 2009-11-28 12:56 -------- d-----w- c:\program files\AC3Filter
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\7-Zip
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----w- c:\program files\Teletext
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----w- c:\program files\LifeView TVR
2009-11-28 12:47 . 2009-11-28 12:47 -------- d-----w- c:\program files\DIFX
2009-11-28 12:46 . 2009-11-28 12:47 892032 ----a-w- c:\windows\system32\drivers\LVHybrid.sys
2009-11-28 12:37 . 2009-11-28 12:37 -------- d-----w- c:\program files\Realtek
2009-11-28 12:37 . 2009-11-28 12:37 315392 ----a-w- c:\windows\HideWin.exe
2009-11-28 12:31 . 2009-11-28 12:31 -------- d-----w- c:\program files\Intel
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\microsoft frontpage
2009-11-28 12:13 . 2009-11-28 12:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-13 22:57 . 2009-11-28 12:38 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-13 22:57 . 2004-08-03 20:59 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-08-13 18:02 . 2008-08-13 18:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2004-08-03 22:56 . 2004-08-03 22:56 166555 --sha-r- c:\windows\system32\jmuemps.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"Remote"="c:\program files\LifeView TVR\remote.exe" [2007-02-15 212992]
"RecSche"="c:\program files\LifeView TVR\RecSche.exe" [2007-02-15 458752]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\ Dragana\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5894:TCP"= 5894:TCP:hijqx

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/28/2009 2:07 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/28/2009 2:07 PM 5248]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/12/2008 6:40 PM 108864]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [12/1/2009 11:04 PM 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [12/1/2009 11:03 PM 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [12/1/2009 11:04 PM 108675]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11/28/2009 1:47 PM 892032]
S2 fcrgl;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 1:06 PM 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\everestultimate530\kerneld.wnt --> c:\everestultimate530\kerneld.wnt [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fcrgl
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinDVRCtrl - c:\windows\WDVRCtrl.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-27 14:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x895CC308]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x895cc308
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\everestultimate530\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fcrgl]
"ServiceDll"="c:\windows\system32\jmuemps.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-12-27 14:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 13:15

Pre-Run: 5,181,698,048 bytes free
Post-Run: 5,731,766,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C3C92C06D2FEA1BE53B5B4149CA44BC5

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5894:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fcrgl]

Driver::
fcrgl

NetSvc::
fcrgl

File::
c:\windows\system32\jmuemps.dll



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
In your next post, paste the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 04 Oct 2005
  • Posts: 47

ComboFix 09-12-26.04 - Dragana 12/27/2009 14:53:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1442 [GMT 1:00]
Running from: c:\documents and settings\ Dragana\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ Dragana\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\windows\system32\jmuemps.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jmuemps.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCRGL
-------\Service_fcrgl


((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-26 23:10 . 2009-12-26 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\documents and settings\ Dragana\Application Data\RapidTyping
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidTyping
2009-12-24 12:22 . 2009-12-24 12:22 -------- d-----w- c:\program files\IrfanView
2009-12-24 12:13 . 2009-12-24 12:22 -------- d-----w- c:\program files\Google
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\program files\AskBarDis
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Foxit
2009-12-24 12:09 . 2009-12-24 12:09 -------- d-----w- c:\program files\Foxit Software
2009-12-24 11:29 . 2009-12-24 11:29 1 ----a-w- c:\documents and settings\ Dragana\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-24 11:28 . 2009-12-24 11:28 -------- d-----w- c:\documents and settings\ Dragana\Application Data\OpenOffice.org
2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\program files\JRE
2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-22 21:38 . 2009-12-22 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 21:38 . 2009-12-24 11:26 -------- d-----w- c:\program files\Java
2009-12-22 21:37 . 2009-12-22 21:37 152576 ----a-w- c:\documents and settings\ Dragana\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 21:34 . 2009-12-22 21:34 79488 ----a-w- c:\documents and settings\ Dragana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Downloaded Installations
2009-12-21 12:19 . 2009-12-21 12:19 -------- d-----w- c:\program files\totalcmd
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\UC.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\RAR.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\LHA.PIF
2009-12-21 12:19 . 2007-09-14 06:02 545 ----a-w- c:\windows\ARJ.PIF
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Malwarebytes
2009-12-10 17:05 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-10 17:05 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 17:00 . 2009-12-10 17:02 4844296 ----a-w- c:\program files\mbam-setup.exe
2009-12-06 00:20 . 2009-12-07 09:20 -------- d-----w- c:\program files\everestultimate530
2009-12-03 09:31 . 2009-12-24 12:14 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Google
2009-12-03 09:31 . 2009-08-13 14:40 43008 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-03 09:31 . 2009-08-13 14:39 340480 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-03 09:31 . 2009-08-13 14:39 346112 ----a-w- c:\documents and settings\ Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-03 09:23 . 2009-12-03 09:23 -------- d-s---w- c:\documents and settings\ Dragana\UserData
2009-12-02 18:40 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-02 18:40 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-02 18:19 . 2005-05-24 12:02 45056 ----a-w- c:\windows\system32\MSHRES_U.DLL
2009-12-02 18:19 . 2005-05-24 11:47 90112 ----a-w- c:\windows\system32\MLMON__U.DLL
2009-12-02 18:19 . 2005-03-15 10:13 49152 ----a-w- c:\windows\system32\MINFIN_U.EXE
2009-12-02 18:19 . 2005-03-15 10:12 9728 ----a-w- c:\windows\system32\MICM___U.DLL
2009-12-02 18:19 . 2005-03-15 10:10 13312 ----a-w- c:\windows\system32\MIMF32_U.DLL
2009-12-02 18:19 . 2005-03-15 10:10 10752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\MIMFPR_U.DLL
2009-12-02 18:19 . 2005-03-15 10:09 23552 ----a-w- c:\windows\system32\MGDI32_U.DLL
2009-12-02 18:19 . 2004-07-08 15:10 51200 ----a-w- c:\windows\system32\MSPOOL_U.DLL
2009-12-02 18:19 . 2004-07-08 15:09 19456 ----a-w- c:\windows\system32\MTAG32_U.DLL
2009-12-02 18:19 . 2004-05-14 14:23 376832 ----a-w- c:\windows\system32\MSMCML_U.DLL
2009-12-02 18:19 . 2005-03-15 10:12 36864 ----a-w- c:\windows\system32\MCMM___U.DLL
2009-12-02 18:19 . 2009-12-02 18:19 -------- d-----w- c:\program files\KONICA MINOLTA
2009-12-02 09:46 . 2009-12-02 09:47 -------- d-----w- c:\windows\system32\NtmsData
2009-12-01 22:04 . 2009-12-01 22:04 -------- d-----w- c:\program files\Conexant
2009-12-01 22:04 . 2003-10-29 07:07 163840 ----a-r- c:\windows\system32\CnxHwIo.dll
2009-12-01 22:04 . 2003-10-29 07:02 108675 ----a-r- c:\windows\system32\drivers\CnxTgN.sys
2009-12-01 22:04 . 2003-09-12 02:26 60288 ----a-r- c:\windows\system32\drivers\CnxEtP.sys
2009-12-01 22:03 . 2002-08-06 06:59 118784 ----a-r- c:\windows\system32\CnxMfdCo.dll
2009-12-01 22:03 . 2001-10-03 06:08 118784 ----a-r- c:\windows\system32\CnxClsCo.dll
2009-12-01 22:03 . 2003-09-12 02:26 646784 ----a-r- c:\windows\system32\drivers\CnxEtU.sys
2009-11-30 19:03 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-11-30 17:31 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-30 17:31 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-30 17:31 . 2004-08-03 21:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-30 17:31 . 2004-08-03 21:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-30 17:27 . 2004-08-03 23:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-30 17:27 . 2004-08-03 23:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-30 17:26 . 2003-02-06 10:07 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-11-30 17:26 . 2002-11-13 09:34 10496 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-11-30 17:26 . 2002-10-24 08:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-11-30 17:26 . 2009-11-30 17:26 -------- d-----w- c:\program files\VIA Technologies, Inc
2009-11-30 17:26 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 17:25 . 2001-08-17 13:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-30 17:25 . 2001-08-17 13:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-30 17:25 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-30 17:25 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-30 17:25 . 2004-08-03 22:08 57600 -c--a-w- c:\windows\system32\dllcache\usbhub.sys
2009-11-30 17:25 . 2004-08-03 22:08 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-11-30 13:45 . 2009-12-02 18:42 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Help
2009-11-30 10:54 . 2009-11-30 10:54 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\Opera
2009-11-28 15:11 . 2009-11-28 15:11 -------- d-----w- c:\documents and settings\ Dragana\Application Data\CyberLink
2009-11-28 15:11 . 2009-11-28 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-28 14:42 . 2009-11-28 14:42 -------- d-----w- c:\documents and settings\ Dragana\Application Data\BitDefender
2009-11-28 14:42 . 2009-11-28 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-11-28 14:42 . 2009-11-28 14:42 -------- d-----w- c:\program files\BitDefender
2009-11-28 14:41 . 2009-11-28 14:42 -------- d-----w- c:\program files\Common Files\BitDefender
2009-11-28 14:19 . 2009-11-28 14:19 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\documents and settings\ Dragana\Local Settings\Application Data\ACDSee
2009-11-28 14:12 . 2009-11-28 14:17 -------- d-----w- c:\documents and settings\ Dragana\Application Data\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-28 14:12 . 2009-11-28 14:12 -------- d-----w- c:\program files\ACD Systems
2009-11-28 14:11 . 2009-12-07 09:19 -------- d-----w- c:\program files\PhotoFiltre
2009-11-28 14:10 . 2009-11-28 14:10 -------- d-----w- c:\windows\system32\Lang

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:07 . 2009-11-28 12:20 22032 ----a-w- c:\documents and settings\ Dragana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 16:59 . 2009-11-28 13:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-01 23:11 . 2009-11-28 13:20 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Skype
2009-11-30 17:17 . 2009-11-28 12:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 13:23 . 2009-11-28 13:22 -------- d-----w- c:\program files\GameHouse
2009-11-28 13:20 . 2009-11-28 13:20 -------- d-----w- c:\program files\YouTube Downloader
2009-11-28 13:19 . 2009-11-28 13:19 -------- d-----w- c:\program files\Skype
2009-11-28 13:19 . 2009-11-28 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-28 13:19 . 2009-11-28 13:19 -------- d-----w- c:\program files\Common Files\Skype
2009-11-28 13:18 . 2009-11-28 13:18 0 ----a-w- c:\windows\nsreg.dat
2009-11-28 13:17 . 2009-11-28 13:17 -------- d-----w- c:\program files\Opera
2009-11-28 13:16 . 2009-11-28 13:13 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Winamp
2009-11-28 13:16 . 2009-11-28 13:13 -------- d-----w- c:\program files\Winamp
2009-11-28 13:12 . 2009-11-28 13:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-28 13:11 . 2009-11-28 13:11 -------- d-----w- c:\documents and settings\ Dragana\Application Data\Ahead
2009-11-28 13:10 . 2009-11-28 13:10 -------- d-----w- c:\program files\Nero
2009-11-28 13:07 . 2009-11-28 13:07 -------- d-----w- c:\program files\D-Tools
2009-11-28 13:02 . 2009-11-28 13:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 13:02 . 2009-11-28 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-11-28 13:01 . 2009-11-28 13:01 -------- d-----w- c:\program files\CyberLink
2009-11-28 13:01 . 2009-11-28 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 13:01 . 2009-11-28 12:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 12:56 . 2009-11-28 12:56 -------- d-----w- c:\program files\ffdshow
2009-11-28 12:56 . 2009-11-28 12:56 -------- d-----w- c:\program files\AC3Filter
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\7-Zip
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----w- c:\program files\Teletext
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----w- c:\program files\LifeView TVR
2009-11-28 12:47 . 2009-11-28 12:47 -------- d-----w- c:\program files\DIFX
2009-11-28 12:46 . 2009-11-28 12:47 892032 ----a-w- c:\windows\system32\drivers\LVHybrid.sys
2009-11-28 12:37 . 2009-11-28 12:37 -------- d-----w- c:\program files\Realtek
2009-11-28 12:37 . 2009-11-28 12:37 315392 ----a-w- c:\windows\HideWin.exe
2009-11-28 12:31 . 2009-11-28 12:31 -------- d-----w- c:\program files\Intel
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\microsoft frontpage
2009-11-28 12:13 . 2009-11-28 12:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-13 22:57 . 2009-11-28 12:38 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-13 22:57 . 2004-08-03 20:59 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2008-08-13 18:02 . 2008-08-13 18:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-27_13.14.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-27 13:58 . 2009-12-27 13:58 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"Remote"="c:\program files\LifeView TVR\remote.exe" [2007-02-15 212992]
"RecSche"="c:\program files\LifeView TVR\RecSche.exe" [2007-02-15 458752]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\ Dragana\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/28/2009 2:07 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/28/2009 2:07 PM 5248]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/12/2008 6:40 PM 108864]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [12/1/2009 11:04 PM 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [12/1/2009 11:03 PM 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [12/1/2009 11:04 PM 108675]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [11/28/2009 1:47 PM 892032]
S2 OMSCAN;OMSCAN;\SysT --> \SysT [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 1:06 PM 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\everestultimate530\kerneld.wnt --> c:\everestultimate530\kerneld.wnt [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {4B324742-EF4B-42AF-ABCF-EF3C77FC313A} = 194.106.162.10 194.106.162.3
FF - ProfilePath - c:\documents and settings\Skundric Dragana\Application Data\Mozilla\Firefox\Profiles\gwfyzs3u.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-27 14:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89502F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x89502f00
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\everestultimate530\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-12-27 15:00:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 14:00
ComboFix2.txt 2009-12-27 13:15

Pre-Run: 5,735,895,040 bytes free
Post-Run: 5,643,927,552 bytes free

- - End Of File - - 4D2D3E59BFB00E7FF7D2E886E83C937D
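
As an added example (not part of the thread and not ComboFix's own code), the script below shows what helen1's CFScript above was aimed at and how to confirm from the second log what the cleanup actually removed. The indicators in the first log are: fcrgl listed on its own under Svchost - NetSvcs (ComboFix prints only non-default entries), hosted by svchost.exe -k netsvcs under the display name "Installer Center", with its ServiceDll c:\windows\system32\jmuemps.dll marked --sha-r- and carrying the same 2004-08-03 timestamp as the XP SP2 system files around it; a 5894:TCP Windows Firewall exception with the meaningless label hijqx; and AntiVirusOverride=1 under the Security Center key. The sample log lines are excerpted from the two logs posted above. The reading of the attribute string (position 3 = system, position 4 = hidden) and the rule that a hidden ServiceDll hosted in the netsvcs group counts as a hijack are this example's own assumptions, not something ComboFix states.

```python
"""Triage a ComboFix log for what the CFScript above targets (a non-default
svchost "netsvcs" member backed by a hidden system DLL, a global Windows
Firewall port exception, a Security Center override) and diff two logs to
confirm what the cleanup removed. Added example, not ComboFix's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed samples: lines excerpted from the two ComboFix logs above.
BEFORE_LOG = r"""
2004-08-03 22:56 . 2004-08-03 22:56 166555 --sha-r- c:\windows\system32\jmuemps.dll
"AntiVirusOverride"=dword:00000001
"5894:TCP"= 5894:TCP:hijqx
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/12/2008 6:40 PM 108864]
S2 fcrgl;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fcrgl
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fcrgl]
"ServiceDll"="c:\windows\system32\jmuemps.dll"
"""
AFTER_LOG = r"""
"AntiVirusOverride"=dword:00000001
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/12/2008 6:40 PM 108864]
S2 OMSCAN;OMSCAN;\SysT --> \SysT [?]
"""

# Line shapes as ComboFix prints them (see the logs above).
SERVICE_RE = re.compile(r"^([RS]\d)[ \t]+([^;\n]+);([^;\n]*);(.*?)[ \t]+\[", re.M)
SERVICEDLL_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\'
                           r'([^\]\n]+)\]\r?\n"ServiceDll"="([^"\n]+)"', re.M | re.I)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d[ \t]+"
                     r"(?:\d+|-+)[ \t]+([-a-z]{8})[ \t]+(.+?)[ \t]*$", re.M)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=[ \t]*\1:\2:(\S+)', re.M)
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-f]+)', re.M | re.I)


@dataclass
class Finding:
    kind: str
    subject: str
    detail: str


def parse_services(log: str) -> dict[str, tuple[str, str, str]]:
    """name -> (start flag, display name, image command line)."""
    return {m[2]: (m[1], m[3], m[4]) for m in SERVICE_RE.finditer(log)}

def parse_service_dlls(log: str) -> dict[str, str]:
    return {m[1]: m[2] for m in SERVICEDLL_RE.finditer(log)}

def parse_files(log: str) -> dict[str, str]:
    """lower-cased path -> ComboFix attribute string such as '--sha-r-'."""
    return {m[2].lower(): m[1] for m in FILE_RE.finditer(log)}

def parse_netsvcs(log: str) -> list[str]:
    """Names under 'Svchost - NetSvcs'; ComboFix omits the legit defaults."""
    lines = log.splitlines()
    for i, line in enumerate(lines):
        if line.strip().endswith("Svchost - NetSvcs"):
            members = []
            for nxt in lines[i + 1:]:
                if not nxt.strip() or nxt.strip() == "." or nxt.startswith("["):
                    break
                members.append(nxt.strip())
            return members
    return []

def triage(log: str) -> list[Finding]:
    services, dlls, files = parse_services(log), parse_service_dlls(log), parse_files(log)
    findings: list[Finding] = []
    for name in parse_netsvcs(log):
        svc, dll = services.get(name), dlls.get(name, "")
        attrs = files.get(dll.lower(), "")
        hosted = svc is not None and "svchost.exe -k netsvcs" in svc[2].lower()
        # Assumed attribute layout: index 2 = system, index 3 = hidden.
        hidden = len(attrs) == 8 and attrs[2] == "s" and attrs[3] == "h"
        detail = f"non-default NetSvcs member, ServiceDll {dll or '?'}"
        if hosted:
            detail += f", hosted by svchost -k netsvcs as '{svc[1]}'"
        if hidden:
            detail += f", DLL marked hidden+system ({attrs})"
        findings.append(Finding("netsvcs-hijack" if hosted and hidden else "netsvcs-review",
                                name, detail))
    for m in PORT_RE.finditer(log):
        findings.append(Finding("firewall-exception", f"{m[1]}/{m[2]}",
                                f"inbound port open to everyone, labelled '{m[3]}'"))
    m = AV_OVERRIDE_RE.search(log)
    if m and int(m[1], 16):
        findings.append(Finding("security-center", "AntiVirusOverride",
                                "set to 1: Security Center stops warning about AV state"))
    return findings

def compare(before: str, after: str) -> dict[str, list[str]]:
    """Which findings the cleanup removed, which persist, which are new."""
    b = {f"{f.kind}:{f.subject}" for f in triage(before)}
    a = {f"{f.kind}:{f.subject}" for f in triage(after)}
    return {"removed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
    print(compare(BEFORE_LOG, AFTER_LOG))
```

Run stand-alone it prints the three findings for the first log and then the diff: the 5894/TCP exception and the fcrgl hijack are gone, while AntiVirusOverride persists, which is exactly what the second log above shows (the Security Center value is still 1 there). The OMSCAN service with ImagePath "\Sys" is not matched by any of these rules and would need a separate look.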

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Why didn't you post the Gmer logs?

Is there any improvement?

offline
  • Joined: 04 Oct 2005
  • Posts: 47

There is improvement: I can get to the sites now, and the traffic is normal.
As for Gmer, I can't start it; here is the RootRepeal log:

I hope everything is OK now.
Thank you very much for the help, you're a star!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download DeFogger from this link to the Desktop.

Double-click DeFogger to run it;

A MsgBox will appear; click the Disable button;

Another MsgBox will appear; click Yes;

Wait for DeFogger to finish processing, then continue with the next instructions.

Note: at the end of the procedure Windows will need to be restarted.
This procedure deactivates CD/DVD emulators so that the tools we use can run without interference.

------
Once you've done that, try Gmer.

offline
  • Joined: 04 Oct 2005
  • Posts: 47

After starting DeFogger I get the message Daemon Tools Invalid Device.
I tried to start Gmer, but as in the previous attempts it begins its initial scan and its whole window disappears, after which the computer freezes and I have to restart it.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

And after that restart, does Gmer work then?
