Problem sa Virusom

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kako bih mogao da proverim dali neki virus smeta instalaciji AVG?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zar te već ne uputih da postaviš logove?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Neznam kako ,sta...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Klikneš na taj gore link, čitaš i pratiš uputstvo. Veoma je jednostavno.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 31 Okt 2009 21:36

DDS (Ver_09-10-26.01) - NTFSx86
Run by SINISA at 21:35:04.85 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.136 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SINIŠA\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
mURLSearchHooks: H - No File
mURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: D: {ee854086-dd86-38ff-b321-b9a77b19048b} - c:\windows\system32\mws37678.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171310534671
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-4-20 13696]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\sinia~1\locals~1\temp\{55638dd9-d5a9-11d3-b74b-204c4f4f5020}\amdmsrio.sys --> c:\docume~1\sinia~1\locals~1\temp\{55638dd9-d5a9-11d3-b74b-204c4f4f5020}\AMDMSRIO.sys [?]
S3 SmartKeyDriver;SmartKeyDriver;c:\program files\msi\smartkey\SMemory.sys [2006-12-30 8676]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2012-11-20 23:33:31 0 d-----w- c:\docume~1\sinia~1\applic~1\_5849_fHx8fDI1fHx8_
2009-10-31 19:40:46 0 d--h--r- c:\documents and settings\siniša\Recent
2009-10-31 15:47:08 0 d-----w- c:\docume~1\sinia~1\applic~1\AVG8
2009-10-14 17:45:10 0 d-----w- C:\PRIMATRON
2009-10-14 17:16:35 0 d-----w- c:\program files\common files\Corel
2009-10-14 17:15:50 0 d-----w- c:\program files\Corel
2009-10-13 20:02:42 88 --sh--r- c:\docume~1\alluse~1\applic~1\E5041DF6BC.sys
2009-10-13 20:02:41 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-10-13 19:59:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2009-10-08 17:08:51 0 d-----w- c:\program files\NetTVPlus Player
2009-10-04 09:00:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2009-10-04 08:50:55 38480 ------w- c:\windows\system32\IJRMF.exe

==================== Find3M ====================

2009-10-31 19:36:16 12320768 ---ha-w- c:\documents and settings\siniša\NTUSER.DAT
2009-10-14 17:45:10 38796 ----a-w- c:\windows\fonts\yswis_bi.ttf
2009-10-14 17:45:05 44964 ----a-w- c:\windows\fonts\yswis.ttf
2009-10-14 17:45:05 39148 ----a-w- c:\windows\fonts\cswiss_i.ttf
2009-10-14 17:45:05 38512 ----a-w- c:\windows\fonts\cswissbi.ttf
2009-10-14 17:45:05 37712 ----a-w- c:\windows\fonts\cswiss.ttf
2009-10-14 17:45:05 37512 ----a-w- c:\windows\fonts\cswiss_b.ttf
2009-10-14 17:45:05 36516 ----a-w- c:\windows\fonts\yswis__b.ttf
2009-10-13 19:43:38 3764 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-14 14:20:12 738304 ----a-w- c:\windows\GPInstall.exe
2009-08-12 10:50:26 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-12 10:50:24 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2006-11-22 18:07:05 88 --sh--r- c:\windows\system32\590D0E0B75.sys

============= FINISH: 21:35:27.31 ===============

https://www.mycity.rs/must-login.png

Dopuna: 31 Okt 2009 21:38

i ovo je bilo zadnje

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK. Još nedostaju Gmer logovi (korak broj 3).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 31 Okt 2009 22:45

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Dopuna: 31 Okt 2009 22:48

Sta sad treba?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 31 Okt 2009 23:52

ComboFix 09-10-30.01 - SINIŠA 10/31/2009 23:44.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.240 [GMT 1:00]
Running from: c:\documents and settings\SINIŠA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2014-11-20 14:37 . 2014-11-20 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-14 17:45 . 2009-10-14 17:45 -------- d-----w- C:\PRIMATRON
2009-10-14 17:16 . 2009-10-14 17:16 -------- d-----w- c:\program files\Common Files\Corel
2009-10-14 17:15 . 2009-10-14 17:15 -------- d-----w- c:\program files\Corel
2009-10-13 19:59 . 2009-10-14 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-04 09:00 . 2009-10-04 09:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-10-04 08:50 . 2007-02-13 04:56 38480 ------w- c:\windows\system32\IJRMF.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 20:09 . 2008-11-21 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-31 17:17 . 2008-11-10 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-28 21:04 . 2007-01-13 18:17 -------- d-----w- c:\program files\mIRC
2009-10-26 19:22 . 2009-10-13 20:02 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-10-14 17:38 . 2009-10-13 20:02 88 --sh--r- c:\documents and settings\All Users\Application Data\E5041DF6BC.sys
2009-10-13 19:43 . 2007-02-15 19:58 3764 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-13 16:12 . 2009-09-06 14:42 -------- d-----w- c:\program files\IGEMS_R8
2009-10-07 21:23 . 2009-04-01 20:52 943920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-04 09:37 . 2008-05-28 21:42 -------- d-----w- c:\program files\Canon
2009-10-04 08:19 . 2006-12-21 14:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 07:35 . 2009-09-27 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMLakiraona
2009-09-22 18:34 . 2009-09-22 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-09-13 11:43 . 2009-09-13 11:12 -------- d-----w- c:\program files\BumpTop
2009-09-05 21:28 . 2009-09-05 21:28 -------- d-----w- c:\program files\Switch Off
2009-08-14 14:20 . 2009-08-13 20:25 738304 ----a-w- c:\windows\GPInstall.exe
2009-08-12 10:50 . 2009-08-18 17:47 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-12 10:50 . 2009-08-18 17:47 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2006-11-22 18:07 . 2007-02-15 19:58 88 --sh--r- c:\windows\system32\590D0E0B75.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-07-21 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\SINIŠA\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxCmd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/20/2008 10:27 PM 13696]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
S3 SmartKeyDriver;SmartKeyDriver;c:\program files\MSI\SmartKey\SMemory.sys [12/30/2006 6:45 PM 8676]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - FWTCRPOG
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - fwtcrpog
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{32124A26-D946-4D64-BDA6-4278B39C2005}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

BHO-{EE854086-DD86-38FF-B321-B9A77B19048B} - c:\windows\system32\mws37678.dll
Notify-avgrsstarter - avgrsstx.dll
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 23:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1004336348-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-1004336348-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FEF7500-86C3-9C7A-A2F8-D1C7658849CA}*]
"jagjdjmpeenllkaojpod"=hex:62,61,69,67,00,00
"iagmhhpcfgdmpnckcc"=hex:6b,61,68,64,6d,69,63,6a,6e,6c,61,69,70,6f,6f,64,6e,6a,
6f,66,63,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-31 23:52
ComboFix-quarantined-files.txt 2009-10-31 22:51

Pre-Run: 20,866,961,408 bytes free
Post-Run: 21,093,613,568 bytes free

- - End Of File - - 0683F2C51CB3F0B554A6CCF6E9DACAD1

Dopuna: 31 Okt 2009 23:53

Ovo mi je izaslo u toku rada .


Dopuna: 31 Okt 2009 23:54

sta sad treba

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst (sve što se nalazi unutar kod polja):


RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

RegNull::
[HKEY_USERS\S-1-5-21-1177238915-1004336348-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FEF7500-86C3-9C7A-A2F8-D1C7658849CA}*]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Nakon ovoga pokušaj instalirati antivirus.