Help: problem with IE

  • Joined: 16 Jul 2008
  • Posts: 6

Here it is

ComboFix 08-07-15.4 - XP 2008-07-19 3:00:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.228 [GMT 2:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\XP\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-18 20:28 . 2008-07-18 20:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-15 23:22 . 2008-07-15 23:22 2,714 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-15 20:19 . 2008-07-15 22:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-15 19:16 . 2008-07-18 19:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-15 19:16 . 2008-07-15 19:16 <DIR> d-------- C:\Program Files\AVG
2008-07-15 19:16 . 2008-07-15 22:58 <DIR> d-------- C:\Documents and Settings\XP\Application Data\AVGTOOLBAR
2008-07-15 19:16 . 2008-07-15 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 19:16 . 2008-07-15 19:16 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 19:16 . 2008-07-15 19:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-15 19:16 . 2008-07-15 19:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-14 23:42 . 2007-04-24 16:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-14 23:42 . 2008-03-28 18:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-14 23:42 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-14 23:33 . 2008-07-14 23:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-14 23:29 . 2008-07-14 23:29 <DIR> d-------- C:\WINDOWS\FF5D0751E69211D499D00060B0A11DC1.TMP
2008-07-13 10:44 . 2008-07-13 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-13 09:09 . 2008-07-13 09:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-13 09:09 . 2008-07-13 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-12 11:29 . 2001-08-23 10:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-07-12 11:29 . 2001-08-23 10:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-07-12 11:00 . 2008-07-18 20:32 <DIR> d-------- C:\Documents and Settings\XP\.housecall6.6
2008-07-12 10:35 . 2008-07-12 10:35 <DIR> d-------- C:\Documents and Settings\XP\Application Data\IE7pro
2008-07-12 10:35 . 2006-06-19 15:18 20,480 --a------ C:\WINDOWS\system32\normaliz.dll
2008-07-12 10:35 . 2006-09-01 14:44 8,798 --a------ C:\WINDOWS\system32\icrav03.rat
2008-07-03 21:03 . 2008-07-03 21:03 268 --ah----- C:\sqmdata05.sqm
2008-07-03 21:03 . 2008-07-03 21:03 244 --ah----- C:\sqmnoopt05.sqm
2008-06-19 17:50 . 2008-06-19 17:50 268 --ah----- C:\sqmdata04.sqm
2008-06-19 17:50 . 2008-06-19 17:50 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 01:03 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-18 20:02 --------- d-----w C:\Documents and Settings\XP\Application Data\uTorrent
2008-07-14 21:42 --------- d-----w C:\Program Files\ffdshow
2008-07-14 21:31 --------- d-----w C:\Program Files\Norton SystemWorks
2008-07-14 21:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-14 21:30 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-07-14 21:29 --------- d-----w C:\Program Files\DivXCodec
2008-07-14 21:29 --------- d-----w C:\Program Files\DAP
2008-07-13 07:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 15:32 --------- d-----w C:\Documents and Settings\XP\Application Data\Talkback
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-04-18 17:12 170,752 ----a-w C:\Documents and Settings\XP\Application Data\GDIPFONTCACHEV1.DAT
2002-04-07 06:46 81,920 ----a-w C:\Program Files\Euro Calculator.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\FF5D0751E69211D499D00060B0A11DC1.TMP ----

2008-07-14 23:29 25600 --a------ C:\WINDOWS\FF5D0751E69211D499D00060B0A11DC1.TMP\WiseCustomCalla1.dll
2008-07-14 23:29 1843267 --a------ C:\WINDOWS\FF5D0751E69211D499D00060B0A11DC1.TMP\WiseCustomCalla2.dll
2008-07-14 23:29 1843267 --a------ C:\WINDOWS\FF5D0751E69211D499D00060B0A11DC1.TMP\WiseCustomCalla.dll


------- Sigcheck -------

2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-11-04 01:42 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-11-04 01:42 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2002-06-18 22:53 66560]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-15 19:16 1232152]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 02:10 409600]
"C-Media Mixer"="Mixer.exe" [2001-11-14 19:08 1216512 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-01-23 16:11:08 110592]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-04-19 19:36:42 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"msacm.l3acma"= L3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Download\\eMule0.47c\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\wincmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"D:\\Download\\Dc++\\DCPlusPlus.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"\\\\Xp\\c\\Program Files\\wincmd\\TOTALCMD.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 19:16]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-15 19:16]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 19:16]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 19:16]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S3 FLEXlm License Manager;FLEXlm License Manager;C:\Program Files\Common Files\AliasWavefront Shared\licensing\etc\lmgrd.exe []
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;C:\WINDOWS\system32\drivers\RFTBtn.sys []
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-07-18 21:46:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-19 03:03:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-19 3:05:19
ComboFix-quarantined-files.txt 2008-07-19 01:05:07
ComboFix2.txt 2008-07-18 18:07:32
ComboFix3.txt 2008-07-16 21:18:13

Pre-Run: 2,539,360,256 bytes free
Post-Run: 2,525,671,424 bytes free
