Problem with Windows Explorer

offline
  • Joined: 01 Jun 2006
  • Posts: 53
  • Location: Paracin

The problem appeared a couple of days ago on my brother's computer, because whenever he right-clicks on any folder or file, Win. Explorer shuts down...

This is the log file I made with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:10, on 25.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mmm.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\ppApps\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\ppApps\WinRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.mywebsearch.com/index.jhtml?n=77C09F4F.....4CqlzynY0Q
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusear.....2010092313
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

--
End of file - 7528 bytes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

offline
  • Joined: 01 Jun 2006
  • Posts: 53
  • Location: Paracin

I hope it will be OK now :)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 14:18:40,23 on sub 25.09.2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.586 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mmm.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\ppApps\VisualTaskTips\VisualTaskTips.exe
svchost.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\ppApps\WinRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCman000&ptb=m3__r09Lr2lD4CqlzynY0Q
uWindow Title = IE
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [PowerTweak Menu] c:\windows\system32\mmm.exe
mRun: [SunJavaUpdateSched]
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [SystemTray] SysTray.Exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] %SystemRoot%\System32\NewUser.cmd
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\visual~1.lnk - c:\ppapps\visualtasktips\VisualTaskTips.exe
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Search - edits.mywebsearch.com/toolbaredits/menusear.....2010092313
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-5-22 315408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-9-23 28762]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2007-11-7 14336]
S3 cpuz132;cpuz132;\??\c:\windows\temp\cpuz132\cpuz132_x32.sys --> c:\windows\temp\cpuz132\cpuz132_x32.sys [?]

============== File Associations ===============

inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1

=============== Created Last 30 ================

2010-09-25 11:25:37 0 d-----w- c:\program files\Trend Micro
2010-09-23 17:39:16 32768 ----a-w- c:\windows\system32\f3PSSavr.scr
2010-09-23 17:39:16 0 d-----w- c:\program files\FunWebProducts
2010-09-23 17:39:10 0 d-----w- c:\program files\MyWebSearch
2010-09-18 22:56:59 0 d-----w- c:\windows\system32\wbem\Logs
2010-09-17 18:54:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-16 21:29:30 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-09-16 21:29:29 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-09-16 20:55:13 0 d-sh--w- c:\windows\ftpcache
2010-09-16 20:52:17 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-09-16 19:00:14 0 d-----w- c:\program files\DAEMON Tools Pro
2010-09-16 18:59:46 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-09-16 18:59:46 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2010-09-12 21:03:07 0 d-----w- c:\program files\Air Conflicts Demo
2010-09-10 19:06:31 0 d-----w- c:\program files\Mv2Player
2010-09-09 17:41:36 0 d-----w- c:\program files\unite
2010-09-09 17:41:36 0 d-----w- c:\program files\ui
2010-09-09 17:41:36 0 d-----w- c:\program files\styles
2010-09-09 17:41:36 0 d-----w- c:\program files\skin
2010-09-09 17:41:36 0 d-----w- c:\program files\program
2010-09-09 17:41:36 0 d-----w- c:\program files\gstreamer
2010-09-09 17:41:36 0 d-----w- c:\program files\extra
2010-09-08 20:20:58 0 d-----w- c:\docume~1\admini~1\applic~1\MozillaControl
2010-09-08 20:20:40 0 d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-09-08 20:19:35 0 d-----w- c:\program files\VideoLAN
2010-09-08 20:19:01 0 d-----w- c:\program files\Graboid
2010-09-07 00:10:44 836464 ----a-w- c:\program files\opera.exe
2010-09-07 00:10:44 5448560 ----a-w- c:\program files\opera.dll
2010-09-07 00:09:32 20480 ----a-w- c:\program files\OUniAnsi.dll
2010-09-07 00:09:24 607797 ----a-w- c:\program files\encoding.bin

==================== Find3M ====================

2010-09-16 19:00:24 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-07 00:21:24 18624 ----a-w- c:\program files\license.rtf
2010-09-06 22:43:56 7904 ----a-w- c:\program files\html40_entities.dtd
2010-09-06 22:43:48 3870 ----a-w- c:\program files\lngcode.txt
2010-09-06 22:43:44 301 ----a-w- c:\program files\c3nform.vxml
2010-09-06 22:43:42 59028 ----a-w- c:\program files\mathml.dtd
2010-08-14 23:08:19 209 ----a-w- c:\program files\operaprefs_default.ini
2010-07-29 16:43:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:43:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-18 11:00:39 3483 ----a-w- c:\docume~1\admini~1\applic~1\data.dat
2010-01-26 21:39:38 2119663 ----a-w- c:\program files\common files\svchost.exe
2010-05-22 19:50:28 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-05-22 19:50:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-05-22 19:50:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010052220100523\index.dat
2010-05-22 19:50:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 14:18:59,92 ===============


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It's OK... :)

Let's move on:

Download sUBs's ComboFix from the following address to the Desktop:

  • Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:

  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:

  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • if needed, restart Windows (several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note:

  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after posting the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 01 Jun 2006
  • Posts: 53
  • Location: Paracin

ComboFix 10-09-24.05 - Administrator 25.09.2010 16:07:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.510 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\chrtmp
c:\documents and settings\Administrator\Application Data\data.dat
c:\documents and settings\Administrator\Application Data\setupv.exe
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\Common Files\svchost.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\016B6C50
c:\program files\MyWebSearch\bar\Cache\016B7384
c:\program files\MyWebSearch\bar\Cache\016B7624.bin
c:\program files\MyWebSearch\bar\Cache\016B778B.bin
c:\program files\MyWebSearch\bar\Cache\016B7A1C.bin
c:\program files\MyWebSearch\bar\Cache\016B7E42.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\settings.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_MyWebSearchService
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 14:15 . 2010-09-25 14:15 -------- d-----w- c:\windows\system32\xircom
2010-09-25 14:15 . 2010-09-25 14:15 -------- d-----w- c:\windows\system32\wbem\snmp
2010-09-25 14:15 . 2010-09-25 14:15 -------- d-----w- c:\windows\srchasst
2010-09-25 14:15 . 2010-09-25 14:15 -------- d-----w- c:\program files\microsoft frontpage
2010-09-25 11:25 . 2010-09-25 11:25 -------- d-----w- c:\program files\Trend Micro
2010-09-18 22:56 . 2010-09-23 23:33 -------- d-----w- c:\windows\system32\wbem\Logs
2010-09-17 18:54 . 2010-09-17 18:54 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM
2010-09-17 18:54 . 2010-09-17 18:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-16 21:29 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-09-16 21:29 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-09-16 20:55 . 2010-09-16 20:55 -------- d-sh--w- c:\windows\ftpcache
2010-09-16 20:52 . 2001-08-17 11:51 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-09-16 19:00 . 2010-09-16 19:00 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-09-16 18:59 . 2010-09-16 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2010-09-16 18:59 . 2010-09-16 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-09-16 15:58 . 2010-09-16 15:58 850448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-16 15:58 . 2010-09-16 15:58 850520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-12 21:03 . 2010-09-12 22:01 -------- d-----w- c:\program files\Air Conflicts Demo
2010-09-10 19:06 . 2010-09-10 19:11 -------- d-----w- c:\program files\Mv2Player
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\unite
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\ui
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\styles
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\program
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\gstreamer
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\extra
2010-09-09 17:41 . 2010-09-09 17:41 -------- d-----w- c:\program files\skin
2010-09-08 21:30 . 2010-09-18 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-09-08 20:21 . 2010-09-08 20:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Graboid_Inc
2010-09-08 20:21 . 2010-09-08 20:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Graboid
2010-09-08 20:20 . 2010-09-08 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\MozillaControl
2010-09-08 20:20 . 2010-09-08 20:20 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-09-08 20:19 . 2010-09-08 20:19 -------- d-----w- c:\program files\VideoLAN
2010-09-08 20:19 . 2010-09-08 21:25 -------- d-----w- c:\program files\Graboid
2010-09-07 00:10 . 2010-09-07 00:10 836464 ----a-w- c:\program files\opera.exe
2010-09-07 00:10 . 2010-09-07 00:10 5448560 ----a-w- c:\program files\opera.dll
2010-09-07 00:09 . 2010-09-07 00:09 20480 ----a-w- c:\program files\OUniAnsi.dll
2010-09-07 00:09 . 2010-09-07 00:09 607797 ----a-w- c:\program files\encoding.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 14:16 . 2010-05-22 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-25 14:01 . 2010-05-24 19:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-09-16 19:00 . 2010-05-22 19:43 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-16 18:59 . 2010-06-01 22:16 -------- d-----w- c:\program files\DAEMON Tools
2010-09-16 15:52 . 2010-07-31 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 17:41 . 2010-08-14 23:08 -------- d-----w- c:\program files\defaults
2010-09-09 17:41 . 2010-08-14 23:08 -------- d-----w- c:\program files\locale
2010-09-07 00:21 . 2010-09-07 00:21 18624 ----a-w- c:\program files\license.rtf
2010-09-06 22:43 . 2010-09-06 22:43 7904 ----a-w- c:\program files\html40_entities.dtd
2010-09-06 22:43 . 2010-09-06 22:43 3870 ----a-w- c:\program files\lngcode.txt
2010-09-06 22:43 . 2010-09-06 22:43 301 ----a-w- c:\program files\c3nform.vxml
2010-09-06 22:43 . 2010-09-06 22:43 59028 ----a-w- c:\program files\mathml.dtd
2010-08-31 20:35 . 2010-05-22 19:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 13:13 . 2010-05-22 20:00 -------- d-----w- c:\program files\uTorrent
2010-08-29 21:56 . 2010-08-08 17:39 -------- d-----w- c:\program files\YouTube Downloader
2010-08-18 17:37 . 2010-08-18 17:37 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 17:37 . 2010-08-18 17:37 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-14 23:08 . 2010-08-14 23:08 209 ----a-w- c:\program files\operaprefs_default.ini
2010-08-14 23:05 . 2010-07-20 19:43 -------- d-----w- c:\program files\TeamViewer
2010-08-14 20:38 . 2010-05-22 19:59 -------- d-----w- c:\program files\Opera
2010-08-09 16:13 . 2010-06-18 19:21 -------- d-----w- c:\program files\JoWooD
2010-08-08 07:34 . 2010-08-08 07:34 -------- d-----w- c:\program files\MSXML 6.0
2010-08-08 07:16 . 2010-08-08 07:16 -------- d-----w- c:\program files\MSXML 4.0
2010-08-07 22:08 . 2010-05-22 20:13 67680 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 21:29 . 2010-08-07 21:29 -------- d-----w- c:\program files\Realtek AC97
2010-07-31 21:02 . 2010-07-31 21:02 -------- d-----w- c:\program files\Microsoft Works
2010-07-31 20:53 . 2010-07-31 20:53 -------- d-----w- c:\program files\Microsoft.NET
2010-07-31 20:19 . 2010-07-31 20:19 -------- d-----w- c:\program files\MSECache
2010-07-29 16:43 . 2010-05-22 19:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:43 . 2010-05-22 19:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-28 19:31 . 2010-07-28 19:31 44 ----a-w- c:\windows\system32\cpwl32.bin
2010-07-28 19:18 . 2010-05-22 19:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-18 10:58 . 2010-07-18 10:58 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-05-22 20:08 . 2010-05-22 20:08 0 --sh--w- c:\windows\S0A391BCA.tmp
.

------- Sigcheck -------

[-] 2007-11-07 . 43A336FC1C015417D981B2D32B27B8FF . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2007-11-07 . E924BFFA379552571CB250E241F14E84 . 544256 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

[-] 2007-11-07 . E00DFA816FA5521EB44C5D63109DE2A9 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe


c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 62976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerTweak Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
"NewUser"="c:\windows\System32\NewUser.cmd" [2007-11-07 2475]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Visual Task Tips.lnk - c:\ppapps\VisualTaskTips\VisualTaskTips.exe [2010-5-22 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\opera.exe"=
"i:\\CoH\\RelicCOH.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2501:TCP"= 2501:TCP:htbsaoy

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.5.2010 21:43 697328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCman000&ptb=m3__r09Lr2lD4CqlzynY0Q
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - (no file)
AddRemove-dtools - c:\program files\DAEMON Tools\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-09-25 16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(480)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\ppapps\VisualTaskTips\VttHooks.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2010-09-25 16:20:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-25 14:20

Pre-Run: 778.493.952 bytes free
Post-Run: 706.940.928 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - DC3B7EA734BCDD756256E682C003A59F

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Are the following folders familiar to you? If not, check what is inside them.


c:\program files\unite
c:\program files\ui
c:\program files\styles
c:\program files\program
c:\program files\gstreamer
c:\program files\extra
c:\program files\skin

offline
  • Joined: 01 Jun 2006
  • Posts: 53
  • Location: Paracin

unite-
fileSharing.ua;fridge.ua;home.ua;mediaPlayer.ua;messenger.ua;photoSharing.ua;webserver.ua
ui-
standard_toolbar;standard_menu... configuration settings
styles-
cascading style sheet documents
program-
npddisplay.dll
gstreamer-
dll document
extra-
missingplugin.svg;missingpluginhover.svg
skin-
standard_skin.zip;windows_skin.zip

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

offline
  • Joined: 01 Jun 2006
  • Posts: 53
  • Location: Paracin

Sorry, I'm doing some other work in parallel, so I don't see the messages in time. It's great, it now works completely normally, just as it did before this happened.
Thank you very much for the help.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

ComboFix needs to be uninstalled:
click Start (or ), and then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.
