Problems with Generic Host, part 2


  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

Same story, different computer. The problem is the program gg.exe, which "crashes" and afterwards either restarts my computer or slows it down considerably.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:47, on 5.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\gg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{49B0D46E-7FF8-48B0-8E8F-A51CEB1E5A60}: NameServer = 192.168.1.1,212.200.191.166
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8403 bytes



  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

Same procedure:

Turn off the AV.

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

[Link visible only to logged-in users]

ComboFix 09-02-04.04 - korisnik 2009-02-05 13:24:56.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.437 [GMT -8:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-05 13:08 . 2009-02-05 13:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 09:54 . 2007-07-06 08:44 65,607 -r-hs---- c:\windows\gg.exe
2009-02-05 09:54 . 2007-07-06 08:44 65,607 -r-hs---- C:\gg.exe
2009-02-03 14:24 . 2009-02-03 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-02-03 14:23 . 2009-02-03 14:33 <DIR> d-------- c:\program files\Fakturiranje
2009-02-02 16:31 . 2009-02-02 16:31 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Flock
2009-02-02 16:30 . 2009-02-02 16:40 <DIR> d-------- c:\program files\Flock
2009-01-26 09:55 . 2009-01-26 09:55 <DIR> d-------- c:\documents and settings\korisnik\Application Data\IndigoRose
2009-01-26 09:45 . 2009-01-26 09:55 <DIR> d-------- c:\program files\AutoPlay Media Studio 7.0 Trial
2009-01-26 09:45 . 2009-01-26 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 09:45 . 2009-01-26 09:45 0 --a------ c:\windows\ams70.INI
2009-01-26 09:44 . 2009-01-26 09:44 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Downloaded Installations
2009-01-21 13:42 . 2009-02-04 16:35 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-21 13:42 . 2009-01-21 13:42 8 -r-hs---- c:\documents and settings\All Users\Application Data\CC04670A92.sys
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-21 09:47 . 2009-01-21 14:15 <DIR> d-------- c:\program files\Corel
2009-01-21 09:47 . 2009-01-21 09:47 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-20 16:56 . 2008-10-15 17:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-20 16:56 . 2008-10-15 17:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-20 16:56 . 2008-10-15 17:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-20 16:56 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-20 16:55 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-20 16:55 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-20 16:55 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-20 16:55 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-20 16:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-20 16:55 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-20 16:55 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-20 16:39 . 2009-01-20 16:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-20 16:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\002621_.tmp
2009-01-20 16:29 . 2009-01-20 16:29 <DIR> d-------- c:\windows\EHome
2009-01-19 20:28 . 2006-02-28 04:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 17:32 . 2008-12-12 09:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-19 17:26 . 2008-12-11 02:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-19 17:15 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-19 17:15 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-17 16:54 . 2009-01-17 16:54 <DIR> d-------- c:\program files\ECR Tool
2009-01-14 16:09 . 2009-01-14 16:09 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 17:34 . 2009-01-10 17:34 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 17:30 . 2009-01-10 17:30 <DIR> d-------- c:\program files\Real
2009-01-10 17:30 . 2009-01-10 17:33 <DIR> d-------- c:\program files\Common Files\Real
2009-01-10 06:59 . 2009-01-10 07:01 <DIR> d-------- c:\windows\NKCCDViewerSetting
2009-01-05 19:47 . 2009-02-05 11:55 69 --a------ c:\windows\NeroDigital.ini
2009-01-05 12:18 . 2009-01-05 12:18 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Nero
2009-01-05 12:15 . 2009-01-05 12:15 <DIR> d-------- c:\program files\Nero
2009-01-05 12:15 . 2009-01-05 12:17 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-05 12:15 . 2009-01-05 12:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 21:25 --------- d-----w c:\documents and settings\korisnik\Application Data\uTorrent
2009-02-05 20:36 --------- d-----w c:\documents and settings\korisnik\Application Data\AdobeUM
2009-02-05 17:10 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-02 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 15:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 15:35 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 15:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-21 21:42 --------- d-----w c:\documents and settings\korisnik\Application Data\Corel
2009-01-21 18:17 3,402 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-21 03:03 --------- d-----w c:\program files\Adsen FavIcon
2009-01-20 15:58 --------- d-----w c:\documents and settings\korisnik\Application Data\U3
2009-01-12 21:53 --------- d-----w c:\program files\Cliprex DVD Player Professional
2009-01-10 21:07 --------- d-----w c:\program files\RDS
2009-01-10 14:46 --------- d-----w c:\documents and settings\korisnik\Application Data\advantage
2008-12-30 00:00 --------- d-----w c:\program files\uTorrent
2008-12-29 23:29 --------- d-----w c:\program files\No-IP
2008-12-29 23:29 --------- d-----w c:\program files\EasyPHP1-8
2008-12-29 23:16 --------- d-----w c:\program files\ffdshow
2008-12-29 23:16 --------- d-----w c:\program files\advantage
2008-12-29 23:16 --------- d-----w c:\program files\AC3Filter
2008-12-29 19:43 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-12-29 18:00 --------- d-----w c:\documents and settings\korisnik\Application Data\ABBYY
2008-12-27 21:33 --------- d-----w c:\program files\Photo!
2008-12-26 20:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-26 20:02 --------- d-----w c:\program files\Java
2008-12-25 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-12-25 21:16 --------- d-----w c:\documents and settings\korisnik\Application Data\OpenOffice.org
2008-12-25 21:12 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-25 21:12 --------- d-----w c:\program files\JRE
2008-12-25 21:11 --------- d-----w c:\program files\Common Files\Java
2008-12-25 20:51 --------- d-----w c:\program files\OpenOffice.org_3.0_SDK
2008-12-25 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2008-12-25 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 20:12 --------- d-----w c:\program files\Macromedia
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-22 16:17 --------- d-----w c:\documents and settings\korisnik\Application Data\Winamp
2008-12-19 22:24 118,784 ----a-w c:\windows\GREUninstall.exe
2008-12-17 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-11 23:29 --------- d-----w c:\documents and settings\korisnik\Application Data\Autodesk
2008-12-11 23:28 --------- d-----w c:\program files\AutoCAD 2007
2008-12-11 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-12-11 23:16 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-11 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-12-11 23:11 --------- d-----w c:\program files\Autodesk
2008-12-11 19:01 --------- d-----w c:\documents and settings\korisnik\Application Data\Thunderbird
2008-12-11 17:53 --------- d-----w c:\program files\Analog Devices
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 04:22 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 18:55 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-10 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 17:25 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-10 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-10 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-10 03:39 --------- d-----w c:\program files\Winamp
2008-12-10 01:38 --------- d-----w c:\program files\MSBuild
2008-12-10 01:38 --------- d-----w c:\program files\Microsoft Works
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\RDPrint
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\Rdh Shared2
2008-12-10 00:11 --------- d-----w c:\program files\AVG
2008-12-09 22:30 --------- d-----w c:\program files\VIA Technologies, Inc
2008-12-09 20:36 --------- d-----w c:\program files\microsoft frontpage
2008-12-29 23:16 227,696 ----a-w c:\program files\mozilla firefox\components\AdVComponent.dll
2007-07-06 16:44 65,607 --sh--r c:\windows\gg.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-10 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"ctfmon.exe"="c:\windows\gg.exe" [2007-07-06 65607]
"nwiz"="nwiz.exe" [2006-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 07:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-09 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S2 jdfpaq;Time Manager;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jdfpaq

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1804fc-db67-11dd-94f3-040404040404}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de8c68b2-f3be-11dd-853b-040404040404}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e880d36c-f39c-11dd-853a-040404040404}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\webhbts.dll,InstallM
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {49B0D46E-7FF8-48B0-8E8F-A51CEB1E5A60} = 192.168.1.1,212.200.191.166
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\m6nmoggc.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-05 13:27:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jdfpaq]
"ServiceDll"="c:\windows\system32\hjeema.dll"
.
Completion time: 2009-02-05 13:28:24
ComboFix-quarantined-files.txt 2009-02-05 21:28:21
ComboFix2.txt 2009-02-04 20:41:35

Pre-Run: 933.629.952 bytes free
Post-Run: 910,172,160 bytes free

232 --- E O F --- 2009-01-22 17:31:41

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

I'll get back to you later, I'm worn out right now.

And you, post the third log too, from the third computer.

Update: 05 Feb 2009 16:41

Open Notepad and copy the following text:

File::
c:\windows\gg.exe
C:\gg.exe
c:\windows\system32\hjeema.dll

Driver::
jdfpaq

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1804fc-db67-11dd-94f3-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de8c68b2-f3be-11dd-853b-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e880d36c-f39c-11dd-853a-040404040404}]

NetSvc::
jdfpaq


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scanning.
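The indicators that the CFScript above targets can be picked out of these logs mechanically: a Run value named after a system binary (ctfmon.exe) that launches a different file (C:\WINDOWS\gg.exe), an executable with hidden and system attributes in the Windows directory, a service hosted by "svchost.exe -k netsvcs" whose ServiceDll therefore needs checking, and mountpoints2 autorun commands pointing at an executable on a removable drive (G:\gg.exe). The following Python script is an added example and is not part of the thread, of HijackThis or of ComboFix; SAMPLE_LOG is constructed from a few lines of the logs posted above, and the regexes and finding categories are my own.

```python
import re
import ntpath
from typing import List, Tuple

# Constructed sample: a few lines in the shape of the HijackThis (O4) and
# ComboFix (file listing, service and mountpoints2) output from this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\gg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
2009-02-05 09:54 . 2007-07-06 08:44 65,607 -r-hs---- c:\windows\gg.exe
2009-02-05 13:08 . 2009-02-05 13:08 <DIR> d-------- c:\program files\Trend Micro
S2 jdfpaq;Time Manager;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\open\Command - rundll32.exe .\\webhbts.dll,InstallM
"""

# HijackThis "O4 - HKxx\..\Run: [value name] command" lines.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix "Files Created" lines: created . modified size attributes path.
CF_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<DIR>) (?P<attr>[-\w]{9}) (?P<path>.+)$")
# ComboFix driver/service lines: "R2 name;display name;image path [date size]".
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?: \[[^\]]*\])?$")
# ComboFix mountpoints2 lines: "\Shell\<verb>\command - <command>".
MP_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\[Cc]ommand - (?P<cmd>.+)$")


def first_program(cmd: str) -> str:
    """Return the program part of a command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for lines matching one of four checks."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            # A Run value named like an .exe should launch a file of that name;
            # "[ctfmon.exe] C:\WINDOWS\gg.exe" borrows a legitimate name.
            name = m.group("name").lower()
            target = ntpath.basename(first_program(m.group("cmd"))).lower()
            if name.endswith(".exe") and target != name:
                findings.append(("run_value_name_mismatch", line))
            continue
        m = CF_FILE_RE.match(line)
        if m:
            # Hidden + system attributes on an .exe/.dll are unusual for
            # user-installed software and worth a look.
            attr = m.group("attr").lower()
            path = m.group("path").lower()
            if "h" in attr and "s" in attr and path.endswith((".exe", ".dll")):
                findings.append(("hidden_system_executable", line))
            continue
        m = SVC_RE.match(line)
        if m:
            # ComboFix hides default entries, so any svchost-hosted service it
            # lists is non-default: its ServiceDll value must be checked.
            image = m.group("image").lower()
            if "svchost.exe" in image and " -k " in image:
                findings.append(("svchost_hosted_service", line))
            continue
        m = MP_RE.match(line)
        if m:
            # Autorun/open/explore verbs that run an executable from a drive
            # root, or rundll32 with a relative DLL, are the autorun.inf pattern.
            prog = first_program(m.group("cmd")).lower()
            drive_exe = bool(re.match(r"^[a-z]:\\", prog)) and prog.endswith(".exe")
            if drive_exe or "rundll32" in prog:
                findings.append(("drive_autorun_command", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:26} {line}")
```

The script only parses the four line shapes it knows; everything else in a log is ignored, so it is a first pass to shortlist entries for manual review, not a verdict on the machine.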

  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

ComboFix 09-02-05.02 - korisnik 2009-02-06 9:57:16.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.454 [GMT -8:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
C:\gg.exe
c:\windows\gg.exe
c:\windows\system32\hjeema.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gg.exe
c:\windows\gg.exe
c:\windows\system32\hjeema.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JDFPAQ
-------\Service_jdfpaq


((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-05 13:08 . 2009-02-05 13:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:24 . 2009-02-03 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-02-03 14:23 . 2009-02-03 14:33 <DIR> d-------- c:\program files\Fakturiranje
2009-02-02 16:31 . 2009-02-02 16:31 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Flock
2009-02-02 16:30 . 2009-02-02 16:40 <DIR> d-------- c:\program files\Flock
2009-01-26 09:55 . 2009-01-26 09:55 <DIR> d-------- c:\documents and settings\korisnik\Application Data\IndigoRose
2009-01-26 09:45 . 2009-01-26 09:55 <DIR> d-------- c:\program files\AutoPlay Media Studio 7.0 Trial
2009-01-26 09:45 . 2009-01-26 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 09:45 . 2009-01-26 09:45 0 --a------ c:\windows\ams70.INI
2009-01-26 09:44 . 2009-01-26 09:44 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Downloaded Installations
2009-01-21 13:42 . 2009-02-06 09:21 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-21 13:42 . 2009-01-21 13:42 8 -r-hs---- c:\documents and settings\All Users\Application Data\CC04670A92.sys
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-21 09:47 . 2009-01-21 14:15 <DIR> d-------- c:\program files\Corel
2009-01-21 09:47 . 2009-01-21 09:47 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-20 16:56 . 2008-10-15 17:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-20 16:56 . 2008-10-15 17:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-20 16:56 . 2008-10-15 17:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-20 16:56 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-20 16:55 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-20 16:55 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-20 16:55 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-20 16:55 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-20 16:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-20 16:55 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-20 16:55 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-20 16:39 . 2009-01-20 16:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-20 16:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\002621_.tmp
2009-01-20 16:29 . 2009-01-20 16:29 <DIR> d-------- c:\windows\EHome
2009-01-19 20:28 . 2006-02-28 04:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 17:32 . 2008-12-12 09:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-19 17:26 . 2008-12-11 02:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-19 17:15 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-19 17:15 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-17 16:54 . 2009-01-17 16:54 <DIR> d-------- c:\program files\ECR Tool
2009-01-14 16:09 . 2009-01-14 16:09 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 17:34 . 2009-01-10 17:34 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 17:30 . 2009-01-10 17:30 <DIR> d-------- c:\program files\Real
2009-01-10 17:30 . 2009-01-10 17:33 <DIR> d-------- c:\program files\Common Files\Real
2009-01-10 06:59 . 2009-01-10 07:01 <DIR> d-------- c:\windows\NKCCDViewerSetting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 17:40 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-06 16:49 --------- d-----w c:\documents and settings\korisnik\Application Data\U3
2009-02-06 04:32 --------- d-----w c:\documents and settings\korisnik\Application Data\uTorrent
2009-02-05 23:46 --------- d-----w c:\documents and settings\korisnik\Application Data\AdobeUM
2009-02-02 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 15:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 15:35 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-21 21:42 --------- d-----w c:\documents and settings\korisnik\Application Data\Corel
2009-01-21 03:03 --------- d-----w c:\program files\Adsen FavIcon
2009-01-12 21:53 --------- d-----w c:\program files\Cliprex DVD Player Professional
2009-01-10 21:07 --------- d-----w c:\program files\RDS
2009-01-10 14:46 --------- d-----w c:\documents and settings\korisnik\Application Data\advantage
2009-01-05 20:18 --------- d-----w c:\documents and settings\korisnik\Application Data\Nero
2009-01-05 20:17 --------- d-----w c:\program files\Common Files\Nero
2009-01-05 20:15 --------- d-----w c:\program files\Nero
2009-01-05 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-30 00:00 --------- d-----w c:\program files\uTorrent
2008-12-29 23:29 --------- d-----w c:\program files\No-IP
2008-12-29 23:29 --------- d-----w c:\program files\EasyPHP1-8
2008-12-29 23:16 --------- d-----w c:\program files\ffdshow
2008-12-29 23:16 --------- d-----w c:\program files\advantage
2008-12-29 23:16 --------- d-----w c:\program files\AC3Filter
2008-12-29 19:43 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-12-29 18:00 --------- d-----w c:\documents and settings\korisnik\Application Data\ABBYY
2008-12-27 21:33 --------- d-----w c:\program files\Photo!
2008-12-26 20:02 --------- d-----w c:\program files\Java
2008-12-25 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-12-25 21:16 --------- d-----w c:\documents and settings\korisnik\Application Data\OpenOffice.org
2008-12-25 21:12 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-25 21:12 --------- d-----w c:\program files\JRE
2008-12-25 21:11 --------- d-----w c:\program files\Common Files\Java
2008-12-25 20:51 --------- d-----w c:\program files\OpenOffice.org_3.0_SDK
2008-12-25 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2008-12-25 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 20:12 --------- d-----w c:\program files\Macromedia
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-22 16:17 --------- d-----w c:\documents and settings\korisnik\Application Data\Winamp
2008-12-19 22:24 118,784 ----a-w c:\windows\GREUninstall.exe
2008-12-17 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-11 23:29 --------- d-----w c:\documents and settings\korisnik\Application Data\Autodesk
2008-12-11 23:28 --------- d-----w c:\program files\AutoCAD 2007
2008-12-11 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-12-11 23:16 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-11 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-12-11 23:11 --------- d-----w c:\program files\Autodesk
2008-12-11 19:01 --------- d-----w c:\documents and settings\korisnik\Application Data\Thunderbird
2008-12-11 17:53 --------- d-----w c:\program files\Analog Devices
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 04:22 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 18:55 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-10 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 17:25 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-10 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-10 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-10 03:39 --------- d-----w c:\program files\Winamp
2008-12-10 01:38 --------- d-----w c:\program files\MSBuild
2008-12-10 01:38 --------- d-----w c:\program files\Microsoft Works
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\RDPrint
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\Rdh Shared2
2008-12-10 00:11 --------- d-----w c:\program files\AVG
2008-12-09 22:30 --------- d-----w c:\program files\VIA Technologies, Inc
2008-12-09 20:36 --------- d-----w c:\program files\microsoft frontpage
2008-12-29 23:16 227,696 ----a-w c:\program files\mozilla firefox\components\AdVComponent.dll
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users],56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-02-06 18:00:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_390.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-10 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 07:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-09 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S2 zoaju;Support Task;c:\windows\system32\svchost.exe -k netsvcs [2006-02-28 14336]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ZOAJU

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zoaju

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d29e97-ceb9-11dd-97ec-002191176937}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16144-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16146-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16147-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - H:\gg.exe 0o
\Shell\explore\Command - H:\gg.exe 0e
\Shell\open\Command - H:\gg.exe 0o
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfmon.exe - c:\windows\gg.exe


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {49B0D46E-7FF8-48B0-8E8F-A51CEB1E5A60} = 192.168.1.1,212.200.191.166
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\m6nmoggc.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-06 10:01:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zoaju]
"ServiceDll"="c:\windows\system32\hjeema.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-02-06 10:03:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-06 18:03:19
ComboFix2.txt 2009-02-05 21:28:26
ComboFix3.txt 2009-02-04 20:41:35

Pre-Run: 2.116.591.616 bytes free
Post-Run: 1,992,675,328 bytes free

272 --- E O F --- 2009-01-22 17:31:41


I'll post the third log this afternoon, whenever you have time; that one isn't nearly as important. Thanks once again.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

Upload the following file for me:

c:\program files\Mozilla Firefox\components\AdVComponent.dll

via the following link:

[Link visible only to logged-in users]

offline
  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

Uploaded.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\system32\hjeema.dll

Driver::
zoaju

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d29e97-ceb9-11dd-97ec-002191176937}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16144-f46a-11dd-853c-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16147-f46a-11dd-853c-040404040404}]

NetSvc::
zoaju


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

offline
  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

ComboFix 09-02-06.02 - korisnik 2009-02-07 15:24:04.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.574 [GMT -8:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\hjeema.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZOAJU
-------\Service_zoaju


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 12:27 . 2009-02-06 12:57 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-06 11:05 . 2007-07-06 08:44 65,607 -r-hs---- c:\windows\gg.exe
2009-02-06 11:05 . 2007-07-06 08:44 65,607 -r-hs---- C:\gg.exe
2009-02-05 13:08 . 2009-02-05 13:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:24 . 2009-02-03 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-02-03 14:23 . 2009-02-03 14:33 <DIR> d-------- c:\program files\Fakturiranje
2009-02-02 16:31 . 2009-02-02 16:31 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Flock
2009-02-02 16:30 . 2009-02-06 16:34 <DIR> d-------- c:\program files\Flock
2009-01-26 09:55 . 2009-01-26 09:55 <DIR> d-------- c:\documents and settings\korisnik\Application Data\IndigoRose
2009-01-26 09:45 . 2009-01-26 09:55 <DIR> d-------- c:\program files\AutoPlay Media Studio 7.0 Trial
2009-01-26 09:45 . 2009-01-26 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 09:45 . 2009-01-26 09:45 0 --a------ c:\windows\ams70.INI
2009-01-26 09:44 . 2009-01-26 09:44 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Downloaded Installations
2009-01-21 13:42 . 2009-02-07 11:08 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-21 13:42 . 2009-01-21 13:42 8 -r-hs---- c:\documents and settings\All Users\Application Data\CC04670A92.sys
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-21 09:47 . 2009-01-21 14:15 <DIR> d-------- c:\program files\Corel
2009-01-21 09:47 . 2009-01-21 09:47 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-20 16:56 . 2008-10-15 17:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-20 16:56 . 2008-10-15 17:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-20 16:56 . 2008-10-15 17:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-20 16:56 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-20 16:55 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-20 16:55 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-20 16:55 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-20 16:55 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-20 16:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-20 16:55 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-20 16:55 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-20 16:39 . 2009-01-20 16:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-20 16:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\002621_.tmp
2009-01-20 16:29 . 2009-01-20 16:29 <DIR> d-------- c:\windows\EHome
2009-01-19 20:28 . 2006-02-28 04:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 17:32 . 2008-12-12 09:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-19 17:26 . 2008-12-11 02:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-19 17:15 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-19 17:15 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-17 16:54 . 2009-01-17 16:54 <DIR> d-------- c:\program files\ECR Tool
2009-01-14 16:09 . 2009-01-14 16:09 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 17:34 . 2009-01-10 17:34 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 17:30 . 2009-01-10 17:30 <DIR> d-------- c:\program files\Real
2009-01-10 17:30 . 2009-01-10 17:33 <DIR> d-------- c:\program files\Common Files\Real
2009-01-10 06:59 . 2009-01-10 07:01 <DIR> d-------- c:\windows\NKCCDViewerSetting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 22:52 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-07 22:45 --------- d-----w c:\documents and settings\korisnik\Application Data\AdobeUM
2009-02-06 21:58 --------- d-----w c:\documents and settings\korisnik\Application Data\uTorrent
2009-02-06 16:49 --------- d-----w c:\documents and settings\korisnik\Application Data\U3
2009-02-02 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 15:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 15:35 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 15:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-21 21:42 --------- d-----w c:\documents and settings\korisnik\Application Data\Corel
2009-01-21 18:17 3,402 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-21 03:03 --------- d-----w c:\program files\Adsen FavIcon
2009-01-12 21:53 --------- d-----w c:\program files\Cliprex DVD Player Professional
2009-01-10 21:07 --------- d-----w c:\program files\RDS
2009-01-10 14:46 --------- d-----w c:\documents and settings\korisnik\Application Data\advantage
2009-01-05 20:18 --------- d-----w c:\documents and settings\korisnik\Application Data\Nero
2009-01-05 20:17 --------- d-----w c:\program files\Common Files\Nero
2009-01-05 20:15 --------- d-----w c:\program files\Nero
2009-01-05 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-30 00:00 --------- d-----w c:\program files\uTorrent
2008-12-29 23:29 --------- d-----w c:\program files\No-IP
2008-12-29 23:29 --------- d-----w c:\program files\EasyPHP1-8
2008-12-29 23:16 --------- d-----w c:\program files\ffdshow
2008-12-29 23:16 --------- d-----w c:\program files\advantage
2008-12-29 23:16 --------- d-----w c:\program files\AC3Filter
2008-12-29 19:43 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-12-29 18:00 --------- d-----w c:\documents and settings\korisnik\Application Data\ABBYY
2008-12-27 21:33 --------- d-----w c:\program files\Photo!
2008-12-26 20:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-26 20:02 --------- d-----w c:\program files\Java
2008-12-25 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-12-25 21:16 --------- d-----w c:\documents and settings\korisnik\Application Data\OpenOffice.org
2008-12-25 21:12 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-25 21:12 --------- d-----w c:\program files\JRE
2008-12-25 21:11 --------- d-----w c:\program files\Common Files\Java
2008-12-25 20:51 --------- d-----w c:\program files\OpenOffice.org_3.0_SDK
2008-12-25 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2008-12-25 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 20:12 --------- d-----w c:\program files\Macromedia
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-22 16:17 --------- d-----w c:\documents and settings\korisnik\Application Data\Winamp
2008-12-19 22:24 118,784 ----a-w c:\windows\GREUninstall.exe
2008-12-17 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-11 23:29 --------- d-----w c:\documents and settings\korisnik\Application Data\Autodesk
2008-12-11 23:28 --------- d-----w c:\program files\AutoCAD 2007
2008-12-11 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-12-11 23:16 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-11 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-12-11 23:11 --------- d-----w c:\program files\Autodesk
2008-12-11 19:01 --------- d-----w c:\documents and settings\korisnik\Application Data\Thunderbird
2008-12-11 17:53 --------- d-----w c:\program files\Analog Devices
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 04:22 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 18:55 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-10 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 17:25 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-10 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-10 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-10 03:39 --------- d-----w c:\program files\Winamp
2008-12-10 01:38 --------- d-----w c:\program files\MSBuild
2008-12-10 01:38 --------- d-----w c:\program files\Microsoft Works
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\RDPrint
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\Rdh Shared2
2008-12-10 00:11 --------- d-----w c:\program files\AVG
2008-12-09 22:30 --------- d-----w c:\program files\VIA Technologies, Inc
2008-12-09 20:36 --------- d-----w c:\program files\microsoft frontpage
2008-12-29 23:16 227,696 ----a-w c:\program files\mozilla firefox\components\AdVComponent.dll
2007-07-06 16:44 65,607 --sh--r c:\windows\gg.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-10 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"ctfmon.exe"="c:\windows\gg.exe" [2007-07-06 65607]
"nwiz"="nwiz.exe" [2006-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 07:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\gg.exe"=
"c:\\Program Files\\RDS\\RView.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-09 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f1e1be-f551-11dd-8541-040404040404}]
\Shell\AutoRun\command - G:\2fiji.com
\Shell\explore\Command - G:\2fiji.com
\Shell\open\Command - G:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f1e1c3-f551-11dd-8541-040404040404}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\odbg16gt.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d47a8c-f479-11dd-853d-040404040404}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d47a90-f479-11dd-853d-040404040404}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16146-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df5a3c4-f52d-11dd-8540-040404040404}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {49B0D46E-7FF8-48B0-8E8F-A51CEB1E5A60} = 192.168.1.1,212.200.191.166
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\m6nmoggc.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-07 15:27:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-02-07 15:30:05 - machine was rebooted [korisnik]
ComboFix-quarantined-files.txt 2009-02-07 23:30:03

Pre-Run: 14.296.068.096 bytes free
Post-Run: 12,612,071,424 bytes free

265 --- E O F --- 2009-01-22 17:31:41

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

Disable the AV.

Open Notepad and copy the following text into it:

File::
c:\windows\gg.exe
C:\gg.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f1e1be-f551-11dd-8541-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f1e1c3-f551-11dd-8541-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d47a8c-f479-11dd-853d-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d47a90-f479-11dd-853d-040404040404}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df5a3c4-f52d-11dd-8540-040404040404}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\gg.exe"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.
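The log excerpt above and the CFScript reply together show one pattern: MountPoints2 entries whose Shell commands start gg.exe from a removable drive, and a Registry:: section that deletes exactly those keys. As an added example (not from the thread, from ComboFix or from its author), this Python script parses such log lines, flags every entry whose Shell commands run a binary other than an allowlisted vendor launcher, and renders the matching deletion lines; the sample log text, the KNOWN_LAUNCHERS allowlist and the regular expressions are constructed for this illustration.

```python
import re

# Constructed sample in the format of the ComboFix log quoted in this thread
# (three of its MountPoints2 entries, copied here as test input).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f1e1c3-f551-11dd-8541-040404040404}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\odbg16gt.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18d47a8c-f479-11dd-853d-040404040404}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16146-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""

# Vendor launcher shipped on U3 USB sticks; any other binary started from a
# removable drive's Shell commands is treated as suspect (our assumption).
KNOWN_LAUNCHERS = {"launchu3.exe"}

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\\w+\\Command\s+-\s+(.*)$", re.I)
EXEC_RE = re.compile(r"([\w.-]+\.(?:exe|dll|com|scr|bat|cmd|pif|vbs))\b", re.I)


def parse_mountpoints(log_text):
    """Return {key_path: [command, ...]} for every MountPoints2 block in the log."""
    entries, current = {}, None
    for line in log_text.splitlines():
        key, cmd = KEY_RE.match(line.strip()), CMD_RE.match(line.strip())
        if key:
            current = key.group(1)
            entries[current] = []
        elif cmd and current:
            entries[current].append(cmd.group(1).strip())
    return entries


def suspicious_keys(entries):
    """Keys whose Shell commands run a binary that is not a known vendor launcher."""
    flagged = []
    for key, commands in entries.items():
        hits = [EXEC_RE.search(c) for c in commands]
        if any(h and h.group(1).lower() not in KNOWN_LAUNCHERS for h in hits):
            flagged.append(key)
    return flagged


def cfscript_registry_section(keys):
    """Render the Registry:: deletion lines in the form the CFScript above uses."""
    return "Registry::\n" + "\n".join("[-%s]" % k for k in keys)
```

Running `cfscript_registry_section(suspicious_keys(parse_mountpoints(SAMPLE_LOG)))` yields deletion lines for the two gg.exe/rundll32 keys and leaves the LaunchU3.exe entry alone.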
