Help with cleaning

  • Joined: 20 Jul 2008
  • Posts: 4682

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:59, on 6.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Z_F\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6561 bytes

Every so often some program finds an infection in c/2570dc97857afcedc463ac086. I got this folder with some Windows update, and it was placed on the "D" partition, but I moved it to "C". Today Remove It Pro found c/2570dc97857afcedc463ac086/msbdg2.dll. Afterwards I also scanned with NOD, Spyware Doctor, Malwarebytes and Ad-Aware; they found nothing. So I'd like to know whether there are any more infections there; just when I think there are none left, a few updates go by and some program finds something again. Spyware Doctor was disabled while I ran this scan, if that makes any difference.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

There are no traces of malware in the posted log.

Still, we can do one more check ->

* Open the Nod32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right pane, untick the option File system monitor (AMON) enabled.
* Turning this option off will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you'll copy here for us.

  • Joined: 20 Jul 2008
  • Posts: 4682

ComboFix 08-11-05.02 - Administrator 2008-11-06 20:18:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.563 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-02 16:22 . 2008-11-02 16:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uniblue
2008-10-27 22:48 . 2008-10-27 22:48 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-25 13:11 . 2004-07-26 15:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-10-25 13:11 . 2004-07-09 07:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-10-25 13:11 . 2005-09-01 10:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-10-25 13:11 . 2000-06-26 09:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-10-25 13:11 . 2005-09-01 10:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-10-25 13:10 . 2001-07-09 09:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-10-25 02:52 . 2008-10-25 02:52 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 02:40 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-25 02:23 . 2008-06-23 16:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-25 02:22 . 2008-10-25 02:22 0 --a------ c:\windows\Irremote.ini
2008-10-24 23:03 . 2008-10-24 23:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2008-10-24 23:00 . 2008-10-25 13:06 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-24 23:00 . 2008-10-25 13:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-10-16 15:50 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 15:44 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 15:43 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 15:43 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 15:43 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 15:43 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-11 22:38 . 2008-10-11 22:38 3,120 --a------ c:\windows\system32\2JPNHCQE.ocx
2008-10-11 22:38 . 2008-10-11 22:38 3,120 --a------ c:\windows\6GNVR6C2.ocx
2008-10-10 23:00 . 2008-10-10 23:00 <DIR> d-------- c:\program files\Common Files\NSV
2008-10-09 16:12 . 2008-10-10 04:00 <DIR> d-------- c:\program files\AIMP2
2008-10-08 16:22 . 2008-10-10 04:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AIMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 16:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-06 14:44 --------- d-----w c:\program files\Spyware Doctor
2008-11-06 13:04 --------- d-----w c:\documents and settings\Administrator\Application Data\XnView
2008-11-06 13:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-05 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 17:59 --------- d-----w c:\program files\a-squared Free
2008-11-03 22:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-11-03 22:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-02 00:57 --------- d-----w c:\program files\Defraggler
2008-10-27 21:50 --------- d-----w c:\program files\Java
2008-10-25 13:13 --------- d-----w c:\program files\Ahead
2008-10-25 12:10 --------- d-----w c:\program files\Common Files\Ahead
2008-10-24 13:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-23 18:29 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-08 21:37 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2008-10-05 21:27 --------- d-----w c:\program files\Winamp
2008-10-04 21:43 --------- d-----w c:\program files\WinASO
2008-10-04 21:20 --------- d-----w c:\documents and settings\Administrator\Application Data\TrojanHunter
2008-10-03 19:38 81,288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2008-10-03 19:38 66,952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2008-10-03 19:38 40,840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2008-10-03 19:27 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2008-10-01 17:17 --------- d-----w c:\program files\ESET
2008-10-01 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-29 15:20 --------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
2008-09-28 17:18 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-09-28 17:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Grisoft
2008-09-25 13:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 05:11 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe(2)
2008-09-14 15:16 --------- d-----w c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-14 15:14 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-13 17:19 --------- d-----w c:\program files\InCode Solutions
2008-09-12 20:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-12 20:12 --------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-12 13:18 --------- d-----w c:\program files\IObit
2008-09-12 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2008-09-11 16:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Smart PC Solutions
2008-09-10 14:31 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-10 14:31 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-10 14:31 --------- d-----w c:\program files\Real
2008-09-10 14:31 --------- d-----w c:\program files\Common Files\xing shared
2008-09-10 14:31 --------- d-----w c:\program files\Common Files\Real
2008-09-10 13:56 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-09-09 10:58 --------- d-----w c:\program files\Google
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-22 01:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 01:06 72,704 ----a-w c:\windows\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w c:\windows\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w c:\windows\system32\vbscript.dll
2008-08-22 01:05 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w c:\windows\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-08 19:54 724,992 ----a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-10 15:31 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\149iuvmf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 20:20:35
ComboFix-quarantined-files.txt 2008-11-06 19:20:32

Pre-Run: 21.603.360.768 bytes free
Post-Run: 21,594,189,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

183 --- E O F --- 2008-10-25 01:53:08


This ComboFix scared me a bit: it had me install some Recovery Console. Is that how it's supposed to be?

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

It's fine that you allowed ComboFix to install the Recovery Console...

There is nothing malicious in the log; the computer is clean. What remains is uninstalling CF:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

  • Joined: 20 Jul 2008
  • Posts: 4682

One folder, C/combofix, was left behind; I assume I'm allowed to delete it manually. Many thanks.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

That folder was left behind after the uninstall procedure described above?
You may, of course, delete it...

You're welcome...

  • Joined: 20 Jul 2008
  • Posts: 4682

Sorry, just this one more thing. This is what comes up when I try to uninstall HijackThis.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Confirm with "Yes", and that's all...

  • Joined: 20 Jul 2008
  • Posts: 4682

Thanks once again, regards.
