Problem with trojans

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

ComboFix 08-10-14.01 - korisnik 2008-10-14 20:30:06.2 - NTFSx86
Running from: C:\Users\korisnik\Desktop\ooo\ComboFix.exe
Command switches used :: C:\Users\korisnik\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\Tasks\rpc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SPP
C:\Program Files\SPP\SPP.ooo
C:\Windows\Tasks\rpc.job

.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-12 17:57 . 2008-10-12 17:57 <DIR> d-------- C:\Program Files\CCleaner
2008-10-12 16:18 . 2008-10-12 16:18 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Malwarebytes
2008-10-12 16:18 . 2008-10-12 16:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 16:18 . 2008-10-12 16:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-12 16:18 . 2008-10-12 16:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 16:18 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 16:18 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-07 16:09 . 2008-10-07 16:09 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\ACD Systems
2008-10-05 14:03 . 2008-10-05 14:03 <DIR> d-------- C:\Program Files\Real
2008-10-05 14:03 . 2008-10-05 14:06 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-05 14:03 . 2008-10-05 14:03 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-10-05 14:01 . 2008-10-05 14:07 <DIR> d-------- C:\Users\All Users\WeFi
2008-10-05 14:01 . 2008-10-05 14:07 <DIR> d-------- C:\ProgramData\WeFi
2008-09-26 07:26 . 2008-09-26 07:26 <DIR> d-------- C:\Users\All Users\LightScribe
2008-09-26 07:26 . 2008-09-26 07:26 <DIR> d-------- C:\ProgramData\LightScribe
2008-09-24 09:05 . 2008-09-24 09:05 <DIR> d-------- C:\Users\Public\CyberLink
2008-09-24 09:04 . 2008-09-24 09:04 <DIR> d-------- C:\Users\All Users\CyberLink
2008-09-24 09:04 . 2008-09-24 09:04 <DIR> d-------- C:\ProgramData\CyberLink
2008-09-24 09:03 . 2008-09-24 09:03 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\CyberLink
2008-09-24 05:35 . 2003-06-18 17:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-09-24 05:35 . 2008-09-24 05:35 376 --a------ C:\Windows\ODBC.INI
2008-09-24 05:33 . 2008-09-24 05:33 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-24 05:10 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-23 22:03 . 2008-09-23 22:03 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-09-23 22:02 . 2008-09-26 07:26 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Ahead
2008-09-23 22:02 . 2008-09-23 22:02 <DIR> d-------- C:\Users\All Users\Ahead
2008-09-23 22:02 . 2008-09-23 22:02 <DIR> d-------- C:\ProgramData\Ahead
2008-09-23 21:57 . 2008-09-23 21:57 <DIR> d-------- C:\Users\All Users\Nero
2008-09-23 21:57 . 2008-09-23 21:57 <DIR> d-------- C:\ProgramData\Nero
2008-09-23 21:57 . 2008-09-23 21:57 <DIR> d-------- C:\Program Files\Nero
2008-09-23 21:57 . 2008-09-23 22:01 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-23 21:32 . 2008-09-23 21:32 <DIR> d-------- C:\Program Files\Total Commander XP
2008-09-23 21:30 . 2008-09-23 21:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-23 21:15 . 2008-09-23 21:15 <DIR> d-------- C:\Users\All Users\ACD Systems
2008-09-23 21:15 . 2008-09-23 21:15 <DIR> d-------- C:\ProgramData\ACD Systems
2008-09-23 21:15 . 2008-09-23 21:15 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-23 21:15 . 2008-09-23 21:15 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-23 21:15 . 2008-09-23 21:15 10,368 --a------ C:\Windows\System32\drivers\pfc.sys
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Windows\Downloaded Installations
2008-09-23 21:13 . 2008-09-24 07:17 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Winamp
2008-09-23 21:13 . 2008-09-23 21:13 <DIR> d-------- C:\Program Files\Winamp
2008-09-23 21:13 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-23 21:12 . 2008-09-23 21:12 <DIR> d-------- C:\Program Files\Mv2Player
2008-09-23 21:11 . 2008-09-23 21:11 <DIR> d-------- C:\Program Files\Webteh
2008-09-23 21:10 . 2008-09-23 21:10 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-23 21:01 . 2008-09-23 21:01 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Leadertech
2008-09-23 21:01 . 2008-09-23 21:01 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Acer
2008-09-23 21:00 . 2008-09-23 21:00 <DIR> dr------- C:\Users\korisnik\Searches
2008-09-23 21:00 . 2008-09-27 14:31 <DIR> dr------- C:\Users\korisnik\Contacts
2008-09-23 20:59 . 2008-10-10 08:38 <DIR> dr------- C:\Users\korisnik\Videos
2008-09-23 20:59 . 2008-09-24 21:27 <DIR> dr------- C:\Users\korisnik\Saved Games
2008-09-23 20:59 . 2008-10-10 08:38 <DIR> dr------- C:\Users\korisnik\Pictures
2008-09-23 20:59 . 2008-10-10 08:39 <DIR> dr------- C:\Users\korisnik\Music
2008-09-23 20:59 . 2008-09-23 21:00 <DIR> dr------- C:\Users\korisnik\Links
2008-09-23 20:59 . 2008-09-23 17:22 <DIR> dr------- C:\Users\korisnik\Downloads
2008-09-23 20:59 . 2008-10-12 16:27 <DIR> dr------- C:\Users\korisnik\Documents
2008-09-23 20:59 . 2006-11-02 14:37 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Media Center Programs
2008-09-23 20:59 . 2008-10-05 23:38 <DIR> d--h----- C:\Users\korisnik\AppData
2008-09-23 20:59 . 2008-10-05 18:54 <DIR> d-------- C:\Users\korisnik
2008-09-23 20:59 . 2008-09-23 20:59 <DIR> d-------- C:\Program Files\Acer
2008-09-23 20:55 . 2008-09-23 20:55 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-09-23 18:20 . 2008-09-23 18:20 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-23 18:07 . 2008-09-23 18:07 27,867,816 --a------ C:\Users\korisnik\setupsrb.exe
2008-09-23 17:28 . 2008-09-23 17:28 <DIR> d-------- C:\Users\korisnik\AppData\Roaming\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 04:15 --------- d-----w C:\Program Files\Yahoo!
2008-09-24 04:01 --------- d-----w C:\ProgramData\McAfee
2008-09-24 03:58 --------- d-----w C:\ProgramData\SiteAdvisor
2008-09-24 03:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-14_16.07.17,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-14 13:54:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-14 18:22:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-14 13:54:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-14 18:22:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-14 13:56:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-14 18:24:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-14 13:56:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-14 18:24:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-14 13:57:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-14 18:24:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-14 13:57:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-14 18:24:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-14 13:57:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-14 18:24:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-14 14:04:11 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-14 18:29:56 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-14 13:59:12 118,872 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-14 18:27:46 118,872 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-14 13:59:12 642,392 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-14 18:27:46 642,392 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-14 13:56:09 5,700 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3705735192-3033637768-1122210738-1003_UserData.bin
+ 2008-10-14 18:24:41 5,724 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3705735192-3033637768-1122210738-1003_UserData.bin
- 2008-10-14 13:56:09 74,432 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-14 18:24:41 74,464 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-14 13:56:07 48,882 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-14 18:24:39 48,914 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 11:00 39472 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-04 178712]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 137752]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-01-08 858632]
"Acer Assist Launcher"="C:\Program Files\Acer\Acer Assist\launcher.exe" [2007-11-20 1261568]
"Acer Product Registration"="C:\Program Files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 C:\Windows\RtHDVCpl.exe]

C:\Users\korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Product Registration.lnk - C:\Program Files\Acer\Acer Registration\ACE1.exe [11/26/2007 8:21:22 PM 3387392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [3/26/2008 10:23:54 AM 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B167B71-C0E6-4115-8092-49BB35438603}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-23 180736]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-14 20:32:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-14 20:33:54
ComboFix-quarantined-files.txt 2008-10-14 18:33:51
ComboFix2.txt 2008-10-14 14:08:38

Pre-Run: 30.703.464.448 bytes free
Post-Run: 30,562,123,776 bytes free

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now? Is avast! detecting anything (that it cannot delete)?

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

Everything is quiet now.
Did it delete what needed to be deleted?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I think avast! only detected leftover files.

In any case, there is no active malware here.

Click START and then RUN.
In the text input line type Combofix /u and click OK.

Wait for the uninstallation process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That's all.

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

I'm that friend....
So I don't know where to click START :)

Update: 14 Oct 2008 21:33

Aha! I got it.
I did it, I hope that's it..
Thanks a lot

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Sorry, the instructions were for Win. XP. Anyway, the main thing is that you managed.

regards
