Help, slow computer :S

  • Joined: 18 Apr 2009
  • Posts: 6

People, help, my computer is terribly slow.
I scanned it with ComboFix and here is the log:

ComboFix 09-04-18.05 - Admin 04/18/2009 13:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.412 [GMT 1:00]
Running from: g:\documents and settings\Admin\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
g:\windows\autorun.inf
g:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-03-31 14:39 . 2009-03-26 14:01 -------- d-----w g:\documents and settings\Admin\Contacts
2009-03-31 07:35 . 2009-03-31 07:35 -------- d-----w g:\windows\Sun
2009-03-29 18:56 . 2009-03-29 19:07 -------- d--h--w g:\windows\$hf_mig$
2009-03-29 18:46 . 2008-10-16 13:06 27496 ----a-w g:\windows\system32\mucltui.dll.mui
2009-03-29 18:46 . 2008-10-16 13:06 268648 ----a-w g:\windows\system32\mucltui.dll
2009-03-29 18:17 . 2009-03-29 18:17 -------- d-----w g:\documents and settings\All Users\Application Data\WLInstaller
2009-03-29 18:10 . 2008-10-16 13:09 31768 ----a-w g:\windows\system32\wucltui.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 18456 ----a-w g:\windows\system32\wuaueng.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuaucpl.cpl.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuapi.dll.mui
2009-03-28 23:23 . 2009-03-29 00:24 340 ----a-w g:\windows\system32\BDUpdateV1.xml
2009-03-28 09:52 . 2009-03-28 09:52 -------- d-----w g:\documents and settings\Administrator\Application Data\BitDefender
2009-03-27 13:56 . 2009-03-27 13:56 850 ----a-w g:\windows\system32\ProductTweaks.xml
2009-03-27 13:56 . 2009-03-27 13:56 385 ----a-w g:\windows\system32\user_gensett.xml
2009-03-27 13:51 . 2009-03-31 00:37 81984 ----a-w g:\windows\system32\bdod.bin
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\documents and settings\Admin\Application Data\BitDefender
2009-03-27 13:43 . 2009-03-27 13:45 -------- d-----w g:\documents and settings\All Users\Application Data\BitDefender
2009-03-27 09:39 . 2009-03-27 09:39 -------- d-----w g:\windows\ADSL Reboot
2009-03-25 17:46 . 2009-03-31 10:54 -------- d-----w g:\documents and settings\Admin\Application Data\mIRC
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
2009-03-25 12:23 . 2009-03-25 12:23 -------- d-----w g:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-24 21:21 . 2009-03-09 19:06 15688 ----a-w g:\windows\system32\lsdelete.exe
2009-03-24 21:17 . 2009-03-29 18:46 -------- dc----w g:\windows\system32\DRVSTORE
2009-03-24 21:17 . 2009-03-09 19:06 64160 ----a-w g:\windows\system32\drivers\Lbd.sys
2009-03-24 21:01 . 2009-03-24 21:01 -------- dc-h--w g:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-24 21:01 . 2009-03-24 21:18 -------- d-----w g:\documents and settings\All Users\Application Data\Lavasoft
2009-03-23 20:39 . 2009-03-23 20:38 73728 ----a-w g:\windows\system32\javacpl.cpl
2009-03-23 20:39 . 2009-03-23 20:38 410984 ----a-w g:\windows\system32\deploytk.dll
2009-03-21 17:22 . 2009-03-21 17:24 -------- d-----w g:\windows\system32\Adobe
2009-03-21 07:28 . 2009-03-21 07:28 -------- d-----w g:\windows\system32\Mesmerized_ScreenSaver dir
2009-03-21 07:28 . 2009-03-21 07:28 532480 ----a-w g:\windows\system32\Mesmerized_ScreenSaver.scr
2009-03-19 20:56 . 2009-03-19 20:56 -------- d-s---w g:\documents and settings\Admin\UserData
2009-03-19 13:57 . 2002-12-08 12:17 565248 ----a-w g:\windows\system32\secyeppv3.ocx
2009-03-19 13:57 . 2002-06-20 01:11 38316 ----a-w g:\windows\system32\drivers\Secypusb.sys
2009-03-19 13:57 . 2002-01-28 16:31 1081344 ----a-w g:\windows\system32\Imagedll.dll
2009-03-19 13:57 . 2001-08-23 17:01 102400 ----a-w g:\windows\system32\Smax10.dll
2009-03-19 13:57 . 2001-08-23 16:13 98304 ----a-w g:\windows\system32\Secumax.dll
2009-03-19 13:57 . 1999-04-20 17:34 57344 ----a-w g:\windows\system32\Mi-sc4.acm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 10:39 . 2009-03-25 17:46 -------- d-----w g:\program files\mIRC
2009-03-30 15:58 . 2009-02-20 20:31 -------- d-----w g:\program files\Common Files\Adobe
2009-03-29 18:33 . 2009-03-29 18:17 -------- dcsh--w g:\program files\Common Files\WindowsLiveInstaller
2009-03-29 18:17 . 2009-03-25 12:03 -------- d-----w g:\program files\Windows Live
2009-03-29 18:12 . 2009-03-31 14:38 -------- d-----w g:\program files\MSN Messenger
2009-03-29 18:09 . 2009-03-27 09:39 -------- d-----w g:\program files\ADSL Reboot
2009-03-28 14:31 . 2009-03-01 08:48 -------- d-----w g:\program files\Valve
2009-03-28 07:47 . 2009-03-28 07:47 -------- d-----w g:\program files\Common Files\Windows Live
2009-03-27 13:43 . 2009-03-27 13:39 -------- d-----w g:\program files\Common Files\BitDefender
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\program files\BitDefender
2009-03-27 10:23 . 2009-03-21 20:26 -------- d-----w g:\program files\Common Files\Symantec Shared
2009-03-27 10:14 . 2009-03-21 20:26 -------- d-----w g:\program files\Norton Security Scan
2009-03-25 20:46 . 2009-02-21 11:34 -------- d-----w g:\documents and settings\Admin\Application Data\Skype
2009-03-25 19:46 . 2009-02-21 11:35 -------- d-----w g:\documents and settings\Admin\Application Data\skypePM
2009-03-25 17:13 . 2009-03-25 17:13 -------- d-----w g:\program files\AARONS CLIKER
2009-03-25 12:03 . 2009-03-25 12:03 -------- d-----w g:\program files\Messenger Plus! Live
2009-03-25 08:27 . 2009-02-20 20:10 90112 ----a-w g:\windows\DUMP6cd3.tmp
2009-03-24 21:01 . 2009-03-24 21:01 -------- d-----w g:\program files\Lavasoft
2009-03-23 20:38 . 2009-03-23 20:38 -------- d-----w g:\program files\Java
2009-03-19 13:57 . 2009-03-19 13:57 -------- d-----w g:\program files\samsung
2009-03-19 13:57 . 2009-02-20 20:49 -------- d--h--w g:\program files\InstallShield Installation Information
2009-03-13 18:44 . 2009-03-13 18:44 -------- d-----w g:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\CCleaner
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\Yahoo!
2009-03-11 18:56 . 2009-03-11 18:56 -------- d-----w g:\documents and settings\All Users\Application Data\TEMP
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Trust
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Common Files\PCCamera
2009-03-08 17:17 . 2009-03-02 16:36 -------- d-----w g:\program files\ChrisTV Lite
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\Common Files\ArcSoft
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\ArcSoft
2009-03-08 15:57 . 2009-02-20 20:49 -------- d-----w g:\program files\Common Files\InstallShield
2009-03-08 15:25 . 2009-03-08 15:25 53248 ----a-w g:\windows\ginstall.dll
2009-03-01 21:46 . 2009-03-01 21:45 -------- d-----w g:\program files\Hewlett-Packard
2009-03-01 21:45 . 2009-03-01 21:45 -------- d--h--w g:\program files\Zenographics
2009-03-01 20:19 . 2009-03-01 20:19 -------- d-----w g:\documents and settings\All Users\Application Data\Bluetooth
2009-03-01 20:16 . 2009-03-01 20:16 -------- d-----w g:\program files\IVT Corporation
2009-03-01 19:44 . 2009-02-20 20:30 86327 ----a-w g:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-21 18:14 . 2009-02-21 18:14 -------- d-----w g:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-21 16:00 . 2009-02-21 16:00 15544 ----a-w g:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 13:14 . 2009-02-21 13:14 -------- d-----w g:\program files\honestech
2009-02-21 12:58 . 2009-02-21 12:58 -------- d-----w g:\program files\Common Files\Nero
2009-02-21 12:56 . 2009-02-21 12:49 -------- d-----w g:\program files\Ahead
2009-02-21 12:49 . 2009-02-21 12:49 -------- d-----w g:\program files\Common Files\Ahead
2009-02-21 12:46 . 2009-02-21 12:46 -------- d-----w g:\program files\OLYMPUS
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\documents and settings\Admin\Application Data\Winamp
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\program files\Winamp
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\program files\Common Files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----r g:\program files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\documents and settings\All Users\Application Data\Skype
2009-02-21 11:17 . 2009-02-21 11:17 -------- d-----w g:\program files\MT882
2009-02-21 11:17 . 2009-02-21 11:16 -------- d-----w g:\documents and settings\Admin\Application Data\SumatraPDF
2009-02-20 20:54 . 2009-02-20 20:54 -------- d-----w g:\program files\MP3 Player Utilities 4.13
2009-02-20 20:49 . 2009-02-20 20:49 -------- d-----w g:\program files\Analog Devices
2009-02-20 20:36 . 2009-02-20 20:36 -------- d-----w g:\program files\Microsoft ActiveSync
2009-02-20 20:32 . 2009-02-20 20:32 -------- d-----w g:\documents and settings\All Users\Application Data\Apple Computer
2009-02-20 20:32 . 2009-02-20 20:32 107132 ----a-w g:\windows\UninstallFirefox.exe
2009-02-20 20:32 . 2009-02-20 20:31 2293 ----a-w g:\windows\mozver.dat
2009-02-20 20:31 . 2009-02-20 20:31 -------- d-----w g:\program files\QuickTime Alternative
2009-02-20 20:27 . 2009-02-20 20:27 21640 ----a-w g:\windows\system32\emptyregdb.dat
2009-02-20 20:26 . 2009-02-20 20:26 -------- d-----w g:\program files\Unlocker
2009-03-05 18:2009-03-27 13:49 08:04 . g:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2006-01-13 02:03 360448 2A4818AEA80ACD2C95D7D92D2F3155F8 g:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 02:04 2187904 C3B84871DECE94E335B96FAFD756316C g:\windows\system32\ntoskrnl.exe

[-] 2006-01-13 01:46 1075200 2DEACA71A7FD77205F59D48D76B2F565 g:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="g:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="g:\windows\system32\ctfmon.exe" [2006-01-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"Smapp"="g:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"WinampAgent"="g:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="g:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TV Card Remote Control Device Monitor"="g:\windows\713xRMTMon.exe" [2005-07-20 352256]
"OrderReminder"="g:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"Ad-Watch"="g:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888]
"BDAgent"="g:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-28 778240]
"BitDefender Antiphishing Helper"="g:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"nwiz"="nwiz.exe" - g:\windows\system32\nwiz.exe [2005-11-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="g:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

g:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - g:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-30 113664]
BlueSoleil.lnk - g:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\mIRC\\mirc.exe"=
"g:\\Program Files\\Valve\\hl.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 Arrakis3;BitDefender Arrakis Server;g:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 iadusb;MT882;g:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 PAC207;Trust WB-1400T Webcam;g:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S0 Lbd;Lbd;g:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 713xTVCard;SAA7133 TV Card;g:\windows\system32\DRIVERS\SAA713x.sys [2006-05-20 289280]
S2 BDVEDISK;BDVEDISK;g:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S2 WDMTVTuner;Universal WDM TV Tuner;g:\windows\system32\drivers\WDMTuner.sys [2006-05-20 26880]
S3 bdfm;bdfm;g:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;g:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0814C5AB
*NewlyCreated* - C06A8D9F
*Deregistered* - 0814c5ab
*Deregistered* - c06a8d9f

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142}]
c:\driver\Files\Drago.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 g:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msnsc - g:\windows\system32\msnsc.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - g:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-18 13:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = g:\windows\713xRMTMon.exe???????????????S?e?xD2?x???U?I?????????????????x???????????x?2?????????????????????????????????x?2??????D2?????????S?e?x?2?e? ?x??????????????|LD2?????????????????????????????????????????????????????????h???????????????(?????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-18 13:43
ComboFix-quarantined-files.txt 2009-04-18 12:43

Pre-Run: 54,924,333,056 bytes free
Post-Run: 55,298,854,912 bytes free


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


Where does it say that a ComboFix log should be posted when opening a thread?


-------------------------------------------------------------------------------------



Upload the following files:

g:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\driver\Files\Drago.exe

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 18 Apr 2009
  • Posts: 6

And where does it say I shouldn't? hehe
I uploaded the first one, and as for this Drago.exe, this is the first time I've seen or heard of it.... It doesn't exist :S, nor do the location and folders, even though it's in the log.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


Folder::
c:\driver

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142}]



Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Joined: 18 Apr 2009
  • Posts: 6

ComboFix 09-04-18.05 - Admin 04/18/2009 21:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.492 [GMT 1:00]
Running from: g:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: g:\documents and settings\Admin\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\driver

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 12:35 . 2009-04-18 12:35 57344 --sh--r g:\documents and settings\Admin\rundli32.exe
2009-04-18 10:49 . 2009-04-18 11:01 -------- d-----w G:\Lop SD
2009-03-31 14:39 . 2009-03-26 14:01 -------- d-----w g:\documents and settings\Admin\Contacts
2009-03-31 07:35 . 2009-03-31 07:35 -------- d-----w g:\windows\Sun
2009-03-29 18:56 . 2009-03-29 19:07 -------- d--h--w g:\windows\$hf_mig$
2009-03-29 18:46 . 2008-10-16 13:06 27496 ----a-w g:\windows\system32\mucltui.dll.mui
2009-03-29 18:46 . 2008-10-16 13:06 268648 ----a-w g:\windows\system32\mucltui.dll
2009-03-29 18:17 . 2009-03-29 18:17 -------- d-----w g:\documents and settings\All Users\Application Data\WLInstaller
2009-03-29 18:10 . 2008-10-16 13:09 31768 ----a-w g:\windows\system32\wucltui.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 18456 ----a-w g:\windows\system32\wuaueng.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuaucpl.cpl.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuapi.dll.mui
2009-03-28 23:23 . 2009-03-29 00:24 340 ----a-w g:\windows\system32\BDUpdateV1.xml
2009-03-28 09:52 . 2009-03-28 09:52 -------- d-----w g:\documents and settings\Administrator\Application Data\BitDefender
2009-03-27 13:56 . 2009-03-27 13:56 850 ----a-w g:\windows\system32\ProductTweaks.xml
2009-03-27 13:56 . 2009-03-27 13:56 385 ----a-w g:\windows\system32\user_gensett.xml
2009-03-27 13:51 . 2009-04-18 20:20 81984 ----a-w g:\windows\system32\bdod.bin
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\documents and settings\Admin\Application Data\BitDefender
2009-03-27 13:43 . 2009-03-27 13:45 -------- d-----w g:\documents and settings\All Users\Application Data\BitDefender
2009-03-27 09:39 . 2009-03-27 09:39 -------- d-----w g:\windows\ADSL Reboot
2009-03-25 17:46 . 2009-04-18 20:01 -------- d-----w g:\documents and settings\Admin\Application Data\mIRC
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
2009-03-25 12:23 . 2009-03-25 12:23 -------- d-----w g:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-24 21:21 . 2009-03-09 19:06 15688 ----a-w g:\windows\system32\lsdelete.exe
2009-03-24 21:17 . 2009-03-29 18:46 -------- dc----w g:\windows\system32\DRVSTORE
2009-03-24 21:17 . 2009-03-09 19:06 64160 ----a-w g:\windows\system32\drivers\Lbd.sys
2009-03-24 21:01 . 2009-03-24 21:01 -------- dc-h--w g:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-24 21:01 . 2009-03-24 21:18 -------- d-----w g:\documents and settings\All Users\Application Data\Lavasoft
2009-03-23 20:39 . 2009-03-23 20:38 73728 ----a-w g:\windows\system32\javacpl.cpl
2009-03-23 20:39 . 2009-03-23 20:38 410984 ----a-w g:\windows\system32\deploytk.dll
2009-03-21 17:22 . 2009-03-21 17:24 -------- d-----w g:\windows\system32\Adobe
2009-03-21 07:28 . 2009-03-21 07:28 -------- d-----w g:\windows\system32\Mesmerized_ScreenSaver dir
2009-03-21 07:28 . 2009-03-21 07:28 532480 ----a-w g:\windows\system32\Mesmerized_ScreenSaver.scr
2009-03-19 20:56 . 2009-03-19 20:56 -------- d-s---w g:\documents and settings\Admin\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 19:31 . 2009-03-25 17:46 -------- d-----w g:\program files\mIRC
2009-04-18 11:01 . 2009-04-18 10:50 9646 ----a-w G:\lopR.txt
2009-03-30 15:58 . 2009-02-20 20:31 -------- d-----w g:\program files\Common Files\Adobe
2009-03-29 18:33 . 2009-03-29 18:17 -------- dcsh--w g:\program files\Common Files\WindowsLiveInstaller
2009-03-29 18:17 . 2009-03-25 12:03 -------- d-----w g:\program files\Windows Live
2009-03-29 18:12 . 2009-03-31 14:38 -------- d-----w g:\program files\MSN Messenger
2009-03-29 18:09 . 2009-03-27 09:39 -------- d-----w g:\program files\ADSL Reboot
2009-03-28 14:31 . 2009-03-01 08:48 -------- d-----w g:\program files\Valve
2009-03-28 07:47 . 2009-03-28 07:47 -------- d-----w g:\program files\Common Files\Windows Live
2009-03-27 13:43 . 2009-03-27 13:39 -------- d-----w g:\program files\Common Files\BitDefender
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\program files\BitDefender
2009-03-27 10:23 . 2009-03-21 20:26 -------- d-----w g:\program files\Common Files\Symantec Shared
2009-03-27 10:14 . 2009-03-21 20:26 -------- d-----w g:\program files\Norton Security Scan
2009-03-25 20:46 . 2009-02-21 11:34 -------- d-----w g:\documents and settings\Admin\Application Data\Skype
2009-03-25 19:46 . 2009-02-21 11:35 -------- d-----w g:\documents and settings\Admin\Application Data\skypePM
2009-03-25 17:13 . 2009-03-25 17:13 -------- d-----w g:\program files\AARONS CLIKER
2009-03-25 12:03 . 2009-03-25 12:03 -------- d-----w g:\program files\Messenger Plus! Live
2009-03-25 08:27 . 2009-02-20 20:10 90112 ----a-w g:\windows\DUMP6cd3.tmp
2009-03-24 21:01 . 2009-03-24 21:01 -------- d-----w g:\program files\Lavasoft
2009-03-23 20:38 . 2009-03-23 20:38 -------- d-----w g:\program files\Java
2009-03-19 13:57 . 2009-03-19 13:57 -------- d-----w g:\program files\samsung
2009-03-19 13:57 . 2009-02-20 20:49 -------- d--h--w g:\program files\InstallShield Installation Information
2009-03-13 18:44 . 2009-03-13 18:44 -------- d-----w g:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\CCleaner
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\Yahoo!
2009-03-11 18:56 . 2009-03-11 18:56 -------- d-----w g:\documents and settings\All Users\Application Data\TEMP
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Trust
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Common Files\PCCamera
2009-03-08 17:17 . 2009-03-02 16:36 -------- d-----w g:\program files\ChrisTV Lite
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\Common Files\ArcSoft
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\ArcSoft
2009-03-08 15:57 . 2009-02-20 20:49 -------- d-----w g:\program files\Common Files\InstallShield
2009-03-08 15:25 . 2009-03-08 15:25 53248 ----a-w g:\windows\ginstall.dll
2009-03-01 21:46 . 2009-03-01 21:45 -------- d-----w g:\program files\Hewlett-Packard
2009-03-01 21:45 . 2009-03-01 21:45 -------- d--h--w g:\program files\Zenographics
2009-03-01 20:19 . 2009-03-01 20:19 -------- d-----w g:\documents and settings\All Users\Application Data\Bluetooth
2009-03-01 20:16 . 2009-03-01 20:16 -------- d-----w g:\program files\IVT Corporation
2009-03-01 19:44 . 2009-02-20 20:30 86327 ----a-w g:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-21 18:14 . 2009-02-21 18:14 -------- d-----w g:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-21 16:00 . 2009-02-21 16:00 15544 ----a-w g:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 13:14 . 2009-02-21 13:14 -------- d-----w g:\program files\honestech
2009-02-21 12:58 . 2009-02-21 12:58 -------- d-----w g:\program files\Common Files\Nero
2009-02-21 12:56 . 2009-02-21 12:49 -------- d-----w g:\program files\Ahead
2009-02-21 12:49 . 2009-02-21 12:49 -------- d-----w g:\program files\Common Files\Ahead
2009-02-21 12:46 . 2009-02-21 12:46 -------- d-----w g:\program files\OLYMPUS
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\documents and settings\Admin\Application Data\Winamp
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\program files\Winamp
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\program files\Common Files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----r g:\program files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\documents and settings\All Users\Application Data\Skype
2009-02-21 11:17 . 2009-02-21 11:17 -------- d-----w g:\program files\MT882
2009-02-21 11:17 . 2009-02-21 11:16 -------- d-----w g:\documents and settings\Admin\Application Data\SumatraPDF
2009-02-20 20:54 . 2009-02-20 20:54 -------- d-----w g:\program files\MP3 Player Utilities 4.13
2009-02-20 20:49 . 2009-02-20 20:49 -------- d-----w g:\program files\Analog Devices
2009-02-20 20:36 . 2009-02-20 20:36 -------- d-----w g:\program files\Microsoft ActiveSync
2009-02-20 20:32 . 2009-02-20 20:32 -------- d-----w g:\documents and settings\All Users\Application Data\Apple Computer
2009-02-20 20:32 . 2009-02-20 20:32 107132 ----a-w g:\windows\UninstallFirefox.exe
2009-02-20 20:32 . 2009-02-20 20:31 2293 ----a-w g:\windows\mozver.dat
2009-02-20 20:31 . 2009-02-20 20:31 -------- d-----w g:\program files\QuickTime Alternative
2009-02-20 20:27 . 2009-02-20 20:27 21640 ----a-w g:\windows\system32\emptyregdb.dat
2009-02-20 20:26 . 2009-02-20 20:26 -------- d-----w g:\program files\Unlocker
2009-03-05 18:2009-03-27 13:49 08:04 . g:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2006-01-13 02:03 360448 2A4818AEA80ACD2C95D7D92D2F3155F8 g:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 02:04 2187904 C3B84871DECE94E335B96FAFD756316C g:\windows\system32\ntoskrnl.exe

[-] 2006-01-13 01:46 1075200 2DEACA71A7FD77205F59D48D76B2F565 g:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.40.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-18 20:21 . 2009-04-18 20:21 16384 g:\windows\Temp\Perflib_Perfdata_b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="g:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"TV Card Remote Control Device Monitor"="g:\windows\713xRMTMon.exe" [2005-07-20 352256]
"BDAgent"="g:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-28 778240]
"BitDefender Antiphishing Helper"="g:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"nwiz"="nwiz.exe" - g:\windows\system32\nwiz.exe [2005-11-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="g:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

g:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - g:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-30 113664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=g:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=g:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-03-09 19:06 515416 ----a-w g:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Updater]
2009-04-18 12:35 57344 --sh--r g:\documents and settings\Admin\rundli32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-01-13 01:13 15360 ----a-w g:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 10:34 5724184 ----a-w g:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w g:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 10:00 98304 ----a-r g:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 08:57 143360 ----a-w g:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-23 20:38 148888 ----a-w g:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w g:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\mIRC\\mirc.exe"=
"g:\\Program Files\\Valve\\hl.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 Arrakis3;BitDefender Arrakis Server;g:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 iadusb;MT882;g:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 PAC207;Trust WB-1400T Webcam;g:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S0 Lbd;Lbd;g:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 713xTVCard;SAA7133 TV Card;g:\windows\system32\DRIVERS\SAA713x.sys [2006-05-20 289280]
S2 BDVEDISK;BDVEDISK;g:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 WDMTVTuner;Universal WDM TV Tuner;g:\windows\system32\drivers\WDMTuner.sys [2006-05-20 26880]
S3 bdfm;bdfm;g:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;g:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 g:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - g:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - g:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4rjfp2nc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: g:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: g:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-18 21:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = g:\windows\713xRMTMon.exe???????????????S?e?xD2?x???U?I?????????????????x???????????x?2?????????????????????????????????x?2??????D2?????????S?e?x?2?e? ?x??????????????|LD2?????????????????????????????????????????????????????????h???????????????(?????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-18 21:31
ComboFix-quarantined-files.txt 2009-04-18 20:31
ComboFix2.txt 2009-04-18 12:43

Pre-Run: 55,226,519,552 bytes free
Post-Run: 55,349,243,904 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
g:\documents and settings\Admin\rundli32.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Updater]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post, in your next message, the log that is produced at the end of the cleaning/scan.
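The entry singled out in the reply above has every property a triager looks for: a startupreg value with a vendor-sounding name ("Adobe Reader Updater") whose target is a hidden, system-attributed executable in the user profile, named one character away from rundll32.exe and written about an hour before the scan. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses startupreg blocks from a log excerpt, applies four triage heuristics of its own (non-standard directory, hidden/system attributes, near-miss of a well-known Windows binary name, recent write time), and renders the flagged entries as the same File::/Registry:: CFScript used in the reply. The scan time, the RECENT_DAYS threshold and the list of imitated binary names are assumptions; the three sample blocks are copied from the log posted above.

```python
"""Triage the msconfig/startupreg entries of a ComboFix log and draft a CFScript.

Added example. The heuristics are this script's own, not ComboFix's.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

STARTUPREG_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
HEADER_RE = re.compile(r"^\[" + re.escape(STARTUPREG_KEY) + r"\\(.+)\]$")
# ComboFix detail line: "<write time> <size> <7-char attributes> <path>"
DETAIL_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([-a-z]{7}) (.+)$")
TRUSTED_DIR_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
RECENT_DAYS = 3  # assumption: a file written this close to the scan deserves a look

# Assumption: names that droppers commonly imitate (not a ComboFix list).
KNOWN_SYSTEM_BINARIES = {
    "rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "ctfmon.exe", "smss.exe", "spoolsv.exe",
}

# Constructed sample: three startupreg blocks copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-03-09 19:06 515416 ----a-w g:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Updater]
2009-04-18 12:35 57344 --sh--r g:\documents and settings\Admin\rundli32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-01-13 01:13 15360 ----a-w g:\windows\system32\ctfmon.exe
"""
SCAN_TIME = datetime(2009, 4, 18, 13, 31)  # assumption: when the log was taken


@dataclass
class Entry:
    key: str            # startupreg subkey name, e.g. "Adobe Reader Updater"
    written: datetime   # file write time as ComboFix prints it
    size: int
    attrs: str          # 7-char attribute field, e.g. "--sh--r" (s=system, h=hidden)
    path: str


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_startupreg(log_text):
    """Return an Entry for every startupreg block whose detail line parses."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if not m:
            continue
        # ComboFix prints the file details on the next non-blank line.
        detail = next((ln for ln in lines[i + 1:] if ln), "")
        d = DETAIL_RE.match(detail)
        if d:
            entries.append(Entry(m.group(1),
                                 datetime.strptime(d.group(1), "%Y-%m-%d %H:%M"),
                                 int(d.group(2)), d.group(3), d.group(4)))
    return entries


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def triage(entries, scan_time):
    """Apply the four heuristics; return one Finding per entry that trips any."""
    findings = []
    for e in entries:
        reasons = []
        name = e.path.rsplit("\\", 1)[-1].lower()
        if not TRUSTED_DIR_RE.match(e.path):
            reasons.append("runs from outside Windows/Program Files (user profile?)")
        if "s" in e.attrs or "h" in e.attrs:
            reasons.append("hidden/system attributes set (%s)" % e.attrs)
        if name in KNOWN_SYSTEM_BINARIES:
            if not SYSTEM32_RE.match(e.path):
                reasons.append("%s carries a system binary name outside system32" % name)
        else:
            lookalike = next((k for k in sorted(KNOWN_SYSTEM_BINARIES)
                              if within_one_edit(name, k)), None)
            if lookalike:
                reasons.append("%s is one edit away from %s" % (name, lookalike))
        if scan_time - e.written <= timedelta(days=RECENT_DAYS):
            reasons.append("written within %d days of the scan" % RECENT_DAYS)
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def build_cfscript(findings):
    """Render findings in CFScript form: delete the file, remove the startupreg key."""
    files = "\n".join(f.entry.path for f in findings)
    keys = "\n".join("[-%s\\%s]" % (STARTUPREG_KEY, f.entry.key) for f in findings)
    return "File::\n%s\n\nRegistry::\n%s\n" % (files, keys)


def triage_log(log_text, scan_time=SCAN_TIME):
    """Convenience wrapper: log text in, (findings, CFScript text) out."""
    findings = triage(parse_startupreg(log_text), scan_time)
    return findings, build_cfscript(findings)


if __name__ == "__main__":
    found, script = triage_log(SAMPLE_LOG)
    for f in found:
        print(f.entry.key, "->", f.entry.path)
        for r in f.reasons:
            print("   -", r)
    print(script)
```

On the sample the only hit is the "Adobe Reader Updater" key, with all four reasons, and the generated script is byte-for-byte the one in the reply above. The near-miss check fires on any single-character difference, so treat its output as a list to verify against a known-good copy of the binary, not as a list to delete blindly; AAWTray.exe and the genuine ctfmon.exe in system32 pass untouched.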

offline
  • Joined: 18 Apr 2009
  • Posts: 6

Written: 18 Apr 2009 23:08

heyyy my computer is much more stable now Very Happy and runs faster... THANK YOU KISSS now I'll scan again and post the log Kiss****

Update: 19 Apr 2009 12:22

Here is a fresh log

ComboFix 09-04-18.05 - Admin 04/19/2009 11:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.502 [GMT 1:00]
Running from: g:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: g:\documents and settings\Admin\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
g:\documents and settings\Admin\rundli32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\documents and settings\Admin\rundli32.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 20:42 . 2009-04-18 20:42 -------- d-----w g:\documents and settings\Admin\Application Data\Malwarebytes
2009-04-18 20:42 . 2009-04-06 14:32 15504 ----a-w g:\windows\system32\drivers\mbam.sys
2009-04-18 20:42 . 2009-04-06 14:32 38496 ----a-w g:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 20:42 . 2009-04-18 20:42 -------- d-----w g:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 10:49 . 2009-04-18 11:01 -------- d-----w G:\Lop SD
2009-03-31 14:39 . 2009-03-26 14:01 -------- d-----w g:\documents and settings\Admin\Contacts
2009-03-31 07:35 . 2009-03-31 07:35 -------- d-----w g:\windows\Sun
2009-03-29 18:56 . 2009-03-29 19:07 -------- d--h--w g:\windows\$hf_mig$
2009-03-29 18:46 . 2008-10-16 13:06 27496 ----a-w g:\windows\system32\mucltui.dll.mui
2009-03-29 18:46 . 2008-10-16 13:06 268648 ----a-w g:\windows\system32\mucltui.dll
2009-03-29 18:17 . 2009-03-29 18:17 -------- d-----w g:\documents and settings\All Users\Application Data\WLInstaller
2009-03-29 18:10 . 2008-10-16 13:09 31768 ----a-w g:\windows\system32\wucltui.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 18456 ----a-w g:\windows\system32\wuaueng.dll.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuaucpl.cpl.mui
2009-03-29 18:10 . 2008-10-16 13:07 23576 ----a-w g:\windows\system32\wuapi.dll.mui
2009-03-28 23:23 . 2009-03-29 00:24 340 ----a-w g:\windows\system32\BDUpdateV1.xml
2009-03-28 09:52 . 2009-03-28 09:52 -------- d-----w g:\documents and settings\Administrator\Application Data\BitDefender
2009-03-27 13:56 . 2009-03-27 13:56 850 ----a-w g:\windows\system32\ProductTweaks.xml
2009-03-27 13:56 . 2009-03-27 13:56 385 ----a-w g:\windows\system32\user_gensett.xml
2009-03-27 13:51 . 2009-03-26 21:56 81984 ----a-w g:\windows\system32\bdod.bin
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\documents and settings\Admin\Application Data\BitDefender
2009-03-27 13:43 . 2009-03-27 13:45 -------- d-----w g:\documents and settings\All Users\Application Data\BitDefender
2009-03-27 09:39 . 2009-03-27 09:39 -------- d-----w g:\windows\ADSL Reboot
2009-03-25 17:46 . 2009-03-27 10:51 -------- d-----w g:\documents and settings\Admin\Application Data\mIRC
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2009-03-25 17:14 . 2009-03-25 17:14 3120 ----a-w g:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
2009-03-25 12:23 . 2009-03-25 12:23 -------- d-----w g:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-24 21:21 . 2009-03-09 19:06 15688 ----a-w g:\windows\system32\lsdelete.exe
2009-03-24 21:17 . 2009-03-29 18:46 -------- dc----w g:\windows\system32\DRVSTORE
2009-03-24 21:17 . 2009-03-09 19:06 64160 ----a-w g:\windows\system32\drivers\Lbd.sys
2009-03-24 21:01 . 2009-03-24 21:01 -------- dc-h--w g:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-24 21:01 . 2009-03-24 21:18 -------- d-----w g:\documents and settings\All Users\Application Data\Lavasoft
2009-03-23 20:39 . 2009-03-23 20:38 73728 ----a-w g:\windows\system32\javacpl.cpl
2009-03-23 20:39 . 2009-03-23 20:38 410984 ----a-w g:\windows\system32\deploytk.dll
2009-03-21 17:22 . 2009-03-21 17:24 -------- d-----w g:\windows\system32\Adobe
2009-03-21 07:28 . 2009-03-21 07:28 -------- d-----w g:\windows\system32\Mesmerized_ScreenSaver dir
2009-03-21 07:28 . 2009-03-21 07:28 532480 ----a-w g:\windows\system32\Mesmerized_ScreenSaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 20:42 . 2009-04-18 20:42 -------- d-----w g:\program files\Malwarebytes' Anti-Malware
2009-04-18 11:01 . 2009-04-18 10:50 9646 ----a-w G:\lopR.txt
2009-03-30 15:58 . 2009-02-20 20:31 -------- d-----w g:\program files\Common Files\Adobe
2009-03-29 18:33 . 2009-03-29 18:17 -------- dcsh--w g:\program files\Common Files\WindowsLiveInstaller
2009-03-29 18:17 . 2009-03-25 12:03 -------- d-----w g:\program files\Windows Live
2009-03-29 18:12 . 2009-03-31 14:38 -------- d-----w g:\program files\MSN Messenger
2009-03-29 18:09 . 2009-03-27 09:39 -------- d-----w g:\program files\ADSL Reboot
2009-03-28 14:31 . 2009-03-01 08:48 -------- d-----w g:\program files\Valve
2009-03-28 07:47 . 2009-03-28 07:47 -------- d-----w g:\program files\Common Files\Windows Live
2009-03-27 13:43 . 2009-03-27 13:39 -------- d-----w g:\program files\Common Files\BitDefender
2009-03-27 13:43 . 2009-03-27 13:43 -------- d-----w g:\program files\BitDefender
2009-03-27 10:43 . 2009-03-25 17:46 -------- d-----w g:\program files\mIRC
2009-03-27 10:23 . 2009-03-21 20:26 -------- d-----w g:\program files\Common Files\Symantec Shared
2009-03-27 10:14 . 2009-03-21 20:26 -------- d-----w g:\program files\Norton Security Scan
2009-03-25 20:46 . 2009-02-21 11:34 -------- d-----w g:\documents and settings\Admin\Application Data\Skype
2009-03-25 19:46 . 2009-02-21 11:35 -------- d-----w g:\documents and settings\Admin\Application Data\skypePM
2009-03-25 17:13 . 2009-03-25 17:13 -------- d-----w g:\program files\AARONS CLIKER
2009-03-25 12:03 . 2009-03-25 12:03 -------- d-----w g:\program files\Messenger Plus! Live
2009-03-25 08:27 . 2009-02-20 20:10 90112 ----a-w g:\windows\DUMP6cd3.tmp
2009-03-24 21:01 . 2009-03-24 21:01 -------- d-----w g:\program files\Lavasoft
2009-03-23 20:38 . 2009-03-23 20:38 -------- d-----w g:\program files\Java
2009-03-19 13:57 . 2009-03-19 13:57 -------- d-----w g:\program files\samsung
2009-03-19 13:57 . 2009-02-20 20:49 -------- d--h--w g:\program files\InstallShield Installation Information
2009-03-13 18:44 . 2009-03-13 18:44 -------- d-----w g:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\CCleaner
2009-03-13 18:43 . 2009-03-13 18:43 -------- d-----w g:\program files\Yahoo!
2009-03-11 18:56 . 2009-03-11 18:56 -------- d-----w g:\documents and settings\All Users\Application Data\TEMP
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Trust
2009-03-08 17:42 . 2009-03-08 17:42 -------- d-----w g:\program files\Common Files\PCCamera
2009-03-08 17:17 . 2009-03-02 16:36 -------- d-----w g:\program files\ChrisTV Lite
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\Common Files\ArcSoft
2009-03-08 16:47 . 2009-03-08 16:47 -------- d-----w g:\program files\ArcSoft
2009-03-08 15:57 . 2009-02-20 20:49 -------- d-----w g:\program files\Common Files\InstallShield
2009-03-08 15:25 . 2009-03-08 15:25 53248 ----a-w g:\windows\ginstall.dll
2009-03-01 21:46 . 2009-03-01 21:45 -------- d-----w g:\program files\Hewlett-Packard
2009-03-01 21:45 . 2009-03-01 21:45 -------- d--h--w g:\program files\Zenographics
2009-03-01 20:19 . 2009-03-01 20:19 -------- d-----w g:\documents and settings\All Users\Application Data\Bluetooth
2009-03-01 20:16 . 2009-03-01 20:16 -------- d-----w g:\program files\IVT Corporation
2009-03-01 19:44 . 2009-02-20 20:30 86327 ----a-w g:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-21 18:14 . 2009-02-21 18:14 -------- d-----w g:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-21 16:00 . 2009-02-21 16:00 15544 ----a-w g:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 13:14 . 2009-02-21 13:14 -------- d-----w g:\program files\honestech
2009-02-21 12:58 . 2009-02-21 12:58 -------- d-----w g:\program files\Common Files\Nero
2009-02-21 12:56 . 2009-02-21 12:49 -------- d-----w g:\program files\Ahead
2009-02-21 12:49 . 2009-02-21 12:49 -------- d-----w g:\program files\Common Files\Ahead
2009-02-21 12:46 . 2009-02-21 12:46 -------- d-----w g:\program files\OLYMPUS
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\documents and settings\Admin\Application Data\Winamp
2009-02-21 11:40 . 2009-02-21 11:38 -------- d-----w g:\program files\Winamp
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\program files\Common Files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----r g:\program files\Skype
2009-02-21 11:28 . 2009-02-21 11:28 -------- d-----w g:\documents and settings\All Users\Application Data\Skype
2009-02-21 11:17 . 2009-02-21 11:17 -------- d-----w g:\program files\MT882
2009-02-21 11:17 . 2009-02-21 11:16 -------- d-----w g:\documents and settings\Admin\Application Data\SumatraPDF
2009-02-20 20:54 . 2009-02-20 20:54 -------- d-----w g:\program files\MP3 Player Utilities 4.13
2009-02-20 20:49 . 2009-02-20 20:49 -------- d-----w g:\program files\Analog Devices
2009-02-20 20:36 . 2009-02-20 20:36 -------- d-----w g:\program files\Microsoft ActiveSync
2009-02-20 20:32 . 2009-02-20 20:32 -------- d-----w g:\documents and settings\All Users\Application Data\Apple Computer
2009-02-20 20:32 . 2009-02-20 20:32 107132 ----a-w g:\windows\UninstallFirefox.exe
2009-02-20 20:32 . 2009-02-20 20:31 2293 ----a-w g:\windows\mozver.dat
2009-02-20 20:31 . 2009-02-20 20:31 -------- d-----w g:\program files\QuickTime Alternative
2009-02-20 20:27 . 2009-02-20 20:27 21640 ----a-w g:\windows\system32\emptyregdb.dat
2009-02-20 20:26 . 2009-02-20 20:26 -------- d-----w g:\program files\Unlocker
2009-03-05 18:2009-03-27 13:49 08:04 . g:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E g:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2006-01-13 02:03 360448 2A4818AEA80ACD2C95D7D92D2F3155F8 g:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 02:04 2187904 C3B84871DECE94E335B96FAFD756316C g:\windows\system32\ntoskrnl.exe

[-] 2006-01-13 01:46 1075200 2DEACA71A7FD77205F59D48D76B2F565 g:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.40.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-27 10:39 . 2009-03-27 10:39 16384 g:\windows\Temp\Perflib_Perfdata_778.dat
+ 2006-01-13 01:39 . 2009-03-26 21:59 40836 g:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2009-03-29 08:41 40836 g:\windows\system32\perfc009.dat
+ 2006-01-13 01:39 . 2009-03-26 21:59 314508 g:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2009-03-29 08:41 314508 g:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="g:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"TV Card Remote Control Device Monitor"="g:\windows\713xRMTMon.exe" [2005-07-20 352256]
"BDAgent"="g:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-28 778240]
"BitDefender Antiphishing Helper"="g:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"nwiz"="nwiz.exe" - g:\windows\system32\nwiz.exe [2005-11-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="g:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

g:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - g:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-30 113664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=g:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=g:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-03-09 19:06 515416 ----a-w g:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-01-13 01:13 15360 ----a-w g:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 10:34 5724184 ----a-w g:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w g:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 10:00 98304 ----a-r g:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 08:57 143360 ----a-w g:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-23 20:38 148888 ----a-w g:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w g:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\mIRC\\mirc.exe"=
"g:\\Program Files\\Valve\\hl.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 Arrakis3;BitDefender Arrakis Server;g:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 iadusb;MT882;g:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 PAC207;Trust WB-1400T Webcam;g:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S0 Lbd;Lbd;g:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 713xTVCard;SAA7133 TV Card;g:\windows\system32\DRIVERS\SAA713x.sys [2006-05-20 289280]
S2 BDVEDISK;BDVEDISK;g:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 WDMTVTuner;Universal WDM TV Tuner;g:\windows\system32\drivers\WDMTuner.sys [2006-05-20 26880]
S3 bdfm;bdfm;g:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;g:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 g:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to AMV Converter... - g:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - g:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - g:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4rjfp2nc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: g:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: g:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-19 11:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = g:\windows\713xRMTMon.exe???????????????S?e?xD2?x???U?I?????????????????x???????????x?2?????????????????????????????????x?2??????D2?????????S?e?x?2?e? ?x??????????????|LD2?????????????????????????????????????????????????????????h???????????????(?????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-19 11:19
ComboFix-quarantined-files.txt 2009-04-19 10:19
ComboFix2.txt 2009-04-18 20:31
ComboFix3.txt 2009-04-18 12:43

Pre-Run: 55,241,650,176 bytes free
Post-Run: 55,309,664,256 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks OK.

All that is left is to uninstall ComboFix:
Click START and then RUN.

In the text box, type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

That's all...
