Slow computer


  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

My computer has slowed down noticeably lately. I would like you to check that it is not infected.



DDS (Ver_10-03-17.01) - NTFSx86
Run by PC at 12:25:21,31 on 06/09/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.510.40 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\CDFBVH23\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: compliance 54328 Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: compliance 54328 Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: compliance 54328 Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\mdt6\AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\mdt6\InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\mdt6\InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\mdt6\AcPreview.ocx
TCP: {63495B67-A54F-4C8A-A199-C8729D66C5E2} = 81.93.64.1,81.93.64.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\59kqsslm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\pc\application data\mozilla\firefox\profiles\59kqsslm.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-9-2 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-9-2 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-10 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-9-2 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-9-2 116784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-1 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100903.003\IDSXpx86.sys [2010-9-6 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100905.003\NAVENG.SYS [2010-9-6 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100905.003\NAVEX15.SYS [2010-9-6 1362608]

============== File Associations ===============

.scr=AOEMViewScriptFile

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-28 11:17:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-28 11:17:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-10-15 18:31:06 599730 ----a-w- c:\program files\PODESAVANJE ACCESSA.bmp

============= FINISH: 12:26:37,10 ===============



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello and welcome to the MyCity forum Ambulanta.



While the case is being resolved, I would ask you to observe the following:
  • Read my instructions (or those of the colleagues standing in for me) carefully and follow them exclusively;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware removal programs, apart from those you receive instructions for;
  • Do not use USB storage devices during the intervention until I ask for it;
  • If I do not reply within 48 hours, bump the topic with a new post;
  • If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK








-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is finished:
  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • show DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions/show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after sending the message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.





goran9888 (AMF Tim)

  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

ComboFix 10-09-06.04 - PC 07/09/2010 12:28:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.510.214 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-07 09:56 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-07 09:56 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-07 09:56 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-07 09:56 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-02 06:01 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-02 06:01 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-02 06:01 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-02 06:01 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-02 06:01 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-02 06:01 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-01 10:17 . 2010-09-01 10:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-01 10:17 . 2010-09-01 10:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-01 10:17 . 2010-09-01 10:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-01 10:17 . 2010-09-01 10:17 -------- d-----w- c:\program files\Symantec
2010-09-01 10:15 . 2010-09-03 05:22 -------- d-----w- c:\windows\system32\drivers\NIS
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\Norton Internet Security
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\Windows Sidebar
2010-09-01 10:15 . 2010-09-01 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-01 10:15 . 2010-09-01 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\NortonInstaller
2010-09-01 09:39 . 2010-09-01 09:39 -------- d-----w- c:\documents and settings\PC\Application Data\URSoft
2010-09-01 09:39 . 2010-09-01 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-01 09:38 . 2010-09-01 09:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-08-31 09:00 . 2010-08-31 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-30 06:51 . 2010-08-30 06:56 -------- d-----w- C:\sneki

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 10:17 . 2010-09-01 10:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-01 10:17 . 2010-09-01 10:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-01 09:45 . 2009-02-27 08:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-31 09:00 . 2008-09-26 11:27 -------- d-----w- c:\program files\Alwil Software
2010-08-13 12:44 . 2008-10-01 08:07 10 ----a-w- c:\windows\popcinfo.dat
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-28 11:19 . 2010-06-28 11:19 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-28 11:19 . 2010-06-28 11:19 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-28 11:19 . 2010-06-28 11:19 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-28 11:19 . 2010-06-28 11:19 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-28 11:19 . 2010-06-28 11:19 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-28 11:17 . 2008-09-26 11:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-28 11:17 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-10-15 18:31 . 2008-11-12 12:25 599730 ----a-w- c:\program files\PODESAVANJE ACCESSA.bmp
2004-08-04 01:07 . 2004-08-04 01:07 168509 --sha-r- c:\windows\system32\bngqdy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2010-09-06 10:22 2735200 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-28 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9122:TCP"= 9122:TCP:Services
"9121:TCP"= 9121:TCP:Services
"5133:TCP"= 5133:TCP:bvsqyowx
"2117:TCP"= 2117:TCP:Services
"2734:TCP"= 2734:TCP:Services

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [02/09/2010 08:01 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [02/09/2010 08:01 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [10/08/2010 01:16 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [02/09/2010 08:01 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [02/09/2010 08:01 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/09/2010 08:00 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/09/2010 12:33 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100906.001\IDSXpx86.sys [07/09/2010 07:16 331640]
S2 cdjofqerh;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:07 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CDJOFQERH

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rlafzt
cdjofqerh
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {63495B67-A54F-4C8A-A199-C8729D66C5E2} = 81.93.64.1,81.93.64.6
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
.
.
------- File Associations -------
.
.scr=AOEMViewScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-09-07 12:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x813DA78A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857cfc3
\Driver\ACPI -> ACPI.sys @ 0xf84efcb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c9b6e
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x81440ae0
PacketIndicateHandler -> NDIS.sys @ 0xf8318b21
SendHandler -> NDIS.sys @ 0xf82f687b
copy of MBR has been found in sector 0x04A85300
malicious code @ sector 0x04A85303 !
PE file found in sector at 0x04A85319 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdjofqerh]
"ServiceDll"="c:\windows\system32\bngqdy.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-07 12:51:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 10:51

Pre-Run: 9.280.724.992 bytes free
Post-Run: 10.147.483.648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 22304A9223B82464E69D55DD2F481C55

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Follow the instructions below carefully

------------------------------------------------------------------------------------
Open Notepad and copy the following text into it:

File::
c:\windows\system32\bngqdy.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5133:TCP"=-

Driver::
cdjofqerh

NetSvc::
rlafzt
cdjofqerh


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.





------------------------------------------------------------------------------------

Download MBRCheck from the following address to the Desktop:

MBRCheck Download Link
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.



When the download is finished:

  • Disable your security software (instructions)
  • Run the program by double-clicking it
  • If the program detects irregularities in the MBR (Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit), press N and then Enter (twice)
  • If nothing is found (Done! Press ENTER to exit...), press Enter (once)

After this procedure a txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on the Desktop
(mm.dd.yy.hh.mm.ss <-- denote the date and time the program was run)

Copy the contents of this txt file into your next message:
  • double-click to open MBRCheck_mm.dd.yy_hh.mm.ss.txt;
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.









goran9888 (AMF Tim)
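The CFScript in the post above targets four entries picked out of the ComboFix log: a ServiceDll, a firewall port exception, a service and two NetSvcs names. As an added example (not the forum's or ComboFix's own code), the following Python applies the triage heuristics a helper uses on the "Reg Loading Points" block, namely random-looking names on firewall exceptions, on svchost-hosted services and on NetSvcs entries, plus the ServiceDll behind such a service, and renders the result in CFScript format. The sample lines are constructed from the log posted in this thread; the vowel-ratio heuristic, its thresholds and the section grouping are this example's assumptions, not rules ComboFix applies.

```python
"""Triage of a ComboFix 'Reg Loading Points' block and CFScript rendering.

Added example, not the forum's or ComboFix's code. The heuristics below are
assumptions for illustration; they rank candidates for a human to review.
"""
import re

# Constructed sample: a subset of the 'Reg Loading Points' block posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"5133:TCP"= 5133:TCP:bvsqyowx
"2117:TCP"= 2117:TCP:Services

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/09/2010 08:00 126392]
S2 cdjofqerh;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:07 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rlafzt
cdjofqerh
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdjofqerh]
"ServiceDll"="c:\windows\system32\bngqdy.dll"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [registry key]
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*[^:]+:(?:TCP|UDP):(.*)$')  # "5133:TCP"= 5133:TCP:label
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[")           # R2 name;display;image [date size]
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')
NETSVCS_HDR = "Svchost - NetSvcs"
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Assumed heuristic: lowercase-only, 6+ letters, and either under 30%
    vowels or a run of 4+ consonants. Abbreviated legitimate names (ccsvchst)
    also match, so treat a hit as a candidate, not a verdict."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.3 or re.search(r"[b-df-hj-np-tv-z]{4,}", name) is not None


def triage(log: str) -> list:
    """Walk the block line by line. Each finding carries a 'section' that is a
    CFScript directive (File, Registry, Driver, NetSvc) or None for a note."""
    findings, current_key, in_netsvcs = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if in_netsvcs:                      # ComboFix lists only non-default NetSvcs names
            if not line or line == ".":
                in_netsvcs = False
            elif looks_random(line):
                findings.append(dict(section="NetSvc", value=line,
                                     reason="non-default NetSvcs entry with random-looking name"))
            continue
        if line.endswith(NETSVCS_HDR):
            in_netsvcs = True
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if line.startswith('"AntiVirusOverride"=dword:00000001'):
            findings.append(dict(section=None, value=current_key,
                                 reason="Security Center antivirus alerts overridden"))
        elif m := PORT_RE.match(line):
            if looks_random(m.group(2)):    # a port opened under a gibberish label
                findings.append(dict(section="Registry", key=current_key, value=m.group(1),
                                     reason=f"firewall exception labelled '{m.group(2)}'"))
        elif m := SVC_RE.match(line):
            name, image = m.group(1), m.group(2).lower()
            if "svchost.exe -k netsvcs" in image and looks_random(name):
                findings.append(dict(section="Driver", value=name,
                                     reason="svchost-hosted service with random-looking name"))
        elif m := DLL_RE.match(line):
            svc = current_key.rsplit("\\", 1)[-1] if current_key else ""
            dll = m.group(1)
            stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            if looks_random(svc) or looks_random(stem):
                findings.append(dict(section="File", value=dll,
                                     reason=f"ServiceDll of suspect service {svc}"))
    return findings


def build_cfscript(findings: list) -> str:
    """Render findings in the CFScript layout used in the post above. The
    directive names are ComboFix's; the grouping per finding is this example's."""
    blocks = []
    for section in ("File", "Registry", "Driver", "NetSvc"):
        lines = []
        for f in findings:
            if f["section"] != section:
                continue
            if section == "Registry":       # a key header followed by "value"=- (delete value)
                lines += [f"[{f['key']}]", f'"{f["value"]}"=-']
            else:
                lines.append(f["value"])
        if lines:
            blocks.append(f"{section}::\n" + "\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['section'] or 'note':8} {f['value']}  ({f['reason']})")
    print()
    print(build_cfscript(found))
```

Run on the sample, the script produced is identical to the CFScript posted above; the AntiVirusOverride entry is reported as a note only, as the helper also left it out of the script.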

  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

ComboFix 10-09-07.01 - PC 08/09/2010 7:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.510.214 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\bngqdy.dll"
.

((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-07 09:56 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-07 09:56 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-07 09:56 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-07 09:56 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-02 06:01 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-02 06:01 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-02 06:01 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-02 06:01 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-02 06:01 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-02 06:01 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-01 10:17 . 2010-09-01 10:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-01 10:17 . 2010-09-01 10:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-01 10:17 . 2010-09-01 10:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-01 10:17 . 2010-09-01 10:17 -------- d-----w- c:\program files\Symantec
2010-09-01 10:15 . 2010-09-03 05:22 -------- d-----w- c:\windows\system32\drivers\NIS
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\Norton Internet Security
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\Windows Sidebar
2010-09-01 10:15 . 2010-09-01 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-01 10:15 . 2010-09-01 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-01 10:15 . 2010-09-01 10:15 -------- d-----w- c:\program files\NortonInstaller
2010-09-01 09:39 . 2010-09-01 09:39 -------- d-----w- c:\documents and settings\PC\Application Data\URSoft
2010-09-01 09:39 . 2010-09-01 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-01 09:38 . 2010-09-01 09:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-08-31 09:00 . 2010-08-31 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-30 06:51 . 2010-08-30 06:56 -------- d-----w- C:\sneki

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 10:17 . 2010-09-01 10:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-01 10:17 . 2010-09-01 10:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-01 09:45 . 2009-02-27 08:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-31 09:00 . 2008-09-26 11:27 -------- d-----w- c:\program files\Alwil Software
2010-08-13 12:44 . 2008-10-01 08:07 10 ----a-w- c:\windows\popcinfo.dat
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-28 11:19 . 2010-06-28 11:19 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-28 11:19 . 2010-06-28 11:19 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-28 11:19 . 2010-06-28 11:19 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-28 11:19 . 2010-06-28 11:19 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-28 11:19 . 2010-06-28 11:19 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-28 11:19 . 2010-06-28 11:19 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-28 11:17 . 2008-09-26 11:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-28 11:17 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-10-15 18:31 . 2008-11-12 12:25 599730 ----a-w- c:\program files\PODESAVANJE ACCESSA.bmp
.

((((((((((((((((((((((((((((( SnapShot@2010-09-07_10.46.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-08 05:50 . 2010-09-08 05:50 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2010-09-06 10:22 2735200 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-28 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9122:TCP"= 9122:TCP:Services
"9121:TCP"= 9121:TCP:Services
"2117:TCP"= 2117:TCP:Services
"2734:TCP"= 2734:TCP:Services
"5329:TCP"= 5329:TCP:Services
"9158:TCP"= 9158:TCP:Services

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [02/09/2010 08:01 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [02/09/2010 08:01 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [10/08/2010 01:16 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [02/09/2010 08:01 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [02/09/2010 08:01 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/09/2010 08:00 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01/09/2010 12:33 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100906.001\IDSXpx86.sys [07/09/2010 07:16 331640]
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {63495B67-A54F-4C8A-A199-C8729D66C5E2} = 81.93.64.1,81.93.64.6
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\59kqsslm.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-09-08 08:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFFB4C78A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857cfc3
\Driver\ACPI -> ACPI.sys @ 0xf84efcb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c9b6e
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0xffbb2ae0
PacketIndicateHandler -> NDIS.sys @ 0xf8318b21
SendHandler -> NDIS.sys @ 0xf82f687b
copy of MBR has been found in sector 0x04A85300
malicious code @ sector 0x04A85303 !
PE file found in sector at 0x04A85319 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-09-08 08:06:45
ComboFix-quarantined-files.txt 2010-09-08 06:06
ComboFix2.txt 2010-09-07 10:51

Pre-Run: 10.153.209.856 bytes free
Post-Run: 10.146.140.160 bytes free

- - End Of File - - 8359270E464402ECFC01FF9E3E791C4C


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00000015

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8A38000 \WINDOWS\system32\KDCOM.DLL
0xF8948000 \WINDOWS\system32\BOOTVID.dll
0xF84E9000 ACPI.sys
0xF8A3A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84D8000 pci.sys
0xF8538000 isapnp.sys
0xF8B00000 PCIIde.sys
0xF87B8000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8A3C000 intelide.sys
0xF8548000 MountMgr.sys
0xF84B9000 ftdisk.sys
0xF8A3E000 dmload.sys
0xF8493000 dmio.sys
0xF87C0000 PartMgr.sys
0xF8558000 VolSnap.sys
0xF847B000 atapi.sys
0xF8568000 disk.sys
0xF8578000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF845C000 fltMgr.sys
0xF8406000 SYMDS.SYS
0xF83F4000 sr.sys
0xF83C7000 SYMEFA.SYS
0xF8588000 PxHelp20.sys
0xF83B0000 KSecDD.sys
0xF8323000 Ntfs.sys
0xF82F6000 NDIS.sys
0xF82DB000 Mup.sys
0xF86E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF81DB000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF81C7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8848000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF81A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8850000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF817E000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF86F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8858000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8860000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8868000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8708000 \SystemRoot\system32\DRIVERS\serial.sys
0xF89E4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF816A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF814F000 \SystemRoot\system32\drivers\ac97ich4.sys
0xF812D000 \SystemRoot\system32\drivers\portcls.sys
0xF8718000 \SystemRoot\system32\drivers\drmk.sys
0xF810A000 \SystemRoot\system32\drivers\ks.sys
0xF8BF6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8728000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF89E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF80F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8738000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8748000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8870000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF80E2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8758000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8878000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8880000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8012000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8768000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8A78000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7FB6000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A08000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8778000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8798000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A7A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8888000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8A7C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B3C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A7E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8898000 \SystemRoot\System32\drivers\vga.sys
0xF8A80000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF82A2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF6FB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF6A3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF64C000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
0xEF627000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xEF606000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF85B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEF5B1000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100906.001\IDSxpx86.sys
0xEF589000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEF567000 \SystemRoot\System32\drivers\afd.sys
0xF85C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEF548000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
0xF85D8000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
0xEF51C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEF4AD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8608000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF44F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEF432000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEF3B3000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
0xEF307000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xEF2C7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A96000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF88D8000 \SystemRoot\System32\watchdog.sys
0xF8006000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8B75000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E1000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D3000 \SystemRoot\System32\ialmrnt5.dll
0xBFA00000 \SystemRoot\System32\ialmdev5.DLL
0xBFA1F000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF1C7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEEF1A000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF0FF000 \SystemRoot\system32\drivers\sysaudio.sys
0xEEC90000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8A50000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEEB4D000 \SystemRoot\system32\DRIVERS\srv.sys
0xF88F8000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xEE76B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xF8828000 \??\C:\DOCUME~1\PC\LOCALS~1\Temp\mbr.sys
0xF8930000 \??\C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys
0xF8A8A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xEE1DA000 \SystemRoot\System32\Drivers\HTTP.sys
0xEE1B0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 25):
0 System Idle Process
4 System
412 C:\WINDOWS\system32\smss.exe
460 csrss.exe
488 C:\WINDOWS\system32\winlogon.exe
532 C:\WINDOWS\system32\services.exe
544 C:\WINDOWS\system32\lsass.exe
700 C:\WINDOWS\system32\svchost.exe
756 svchost.exe
820 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
984 svchost.exe
1252 C:\WINDOWS\system32\spoolsv.exe
1708 C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
1764 C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
1856 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1936 sqlservr.exe
1968 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
280 wdfmgr.exe
1908 C:\WINDOWS\system32\wscntfy.exe
2680 alg.exe
3236 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
3352 C:\WINDOWS\explorer.exe
3636 C:\Program Files\Mozilla Firefox\firefox.exe
3020 C:\Documents and Settings\PC\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000004`e22d6a00 (NTFS)

PhysicalDrive0 Model Number: IC35L040AVVN07-0, Rev: VA2OAF1A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 4C73F18103C9BEEC7A59697F7C30E616317435F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
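An added example, not from the thread and not MBRCheck's or ComboFix's code, of the kind of check behind the "MBR Code Faked" and "Windows XP MBR code detected" verdicts in the logs above: it validates the sector's structure, decodes the partition table and compares the boot-code hash against an allowlist. The sample sector and the allowlist hash are constructed for this example (the partition byte offsets mirror the thread's C: and E: offsets); a real check would hash the sector read from \\.\PhysicalDrive0 against vendor-published hashes.

```python
"""Added example, not from the thread and not MBRCheck's or ComboFix's code:
a minimal MBR integrity check. It validates the 512-byte sector's structure,
decodes the partition table and compares the boot-code region's SHA-1 against
an allowlist of known-good hashes. The sample sector and the allowlist hash
below are constructed for this example."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code (the hashed region)
PART_TABLE_OFF = 446       # four 16-byte partition entries at 446..509
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, LBA count
        status, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "lba_count": lba_count,
                      "byte_offset": lba_start * SECTOR_SIZE})
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code region only; the partition table is excluded so a
    legitimately repartitioned disk keeps the same code hash."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: set) -> dict:
    """Structural checks plus allowlist compare; returns status and findings."""
    if len(mbr) != SECTOR_SIZE:
        return {"status": "invalid", "sha1": None, "partitions": [],
                "findings": ["sector is not 512 bytes"]}
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("no partition entries")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["lba_count"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        findings.append("boot code hash not in allowlist (possible MBR code replacement)")
    return {"status": "clean" if not findings else "suspicious", "sha1": digest,
            "partitions": parts, "findings": findings}


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code and two NTFS partitions laid out
    like the thread's disk (C: at byte offset 0x7E00, E: at 0x4E22D6A00)."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c CONSTRUCTED SAMPLE BOOT CODE".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"          # bytes 440..445: disk signature + reserved

    def entry(status, ptype, lba_start, lba_count):
        chs = b"\xff\xff\xff"                      # CHS fields are ignored on LBA disks
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba_start, lba_count)

    e_start = 0x27116B5                             # 0x27116B5 * 512 == 0x4E22D6A00
    table = (entry(0x80, 0x07, 63, e_start - 63)
             + entry(0x00, 0x07, e_start, 78165360 - e_start)
             + bytes(32))                           # two empty slots
    return boot_code + disk_sig + table + BOOT_SIG


def demo() -> tuple:
    """Run the check on the clean sample and on a copy whose boot code was altered."""
    mbr = build_sample_mbr()
    allow = {boot_code_sha1(mbr)}                   # the sample's own hash stands in for a vendor hash
    tampered = b"\xeb\x00" + mbr[2:]                # constructed: change two boot-code bytes, keep the table
    return check_mbr(mbr, allow), check_mbr(tampered, allow)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result["status"], result["sha1"], result["findings"])
```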

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Follow the instructions below carefully

------------------------------------------------------------------------------------
-Restart the computer
-While the computer is starting, a screen will appear on which you need to select Microsoft Windows Recovery Console, as in the picture:

-After entering the RC (Recovery Console) you need to type 1 and press Enter:

-You need to type the Administrator password (if there is no password on the Administrator account, just press Enter):

-Finally, you need to type the command: fixmbr , as in the following picture, and press Enter:

-If any prompt appears, type Y and press Enter


------------------------------------------------------------------------------------


In your next post, post a fresh/new MBRCheck log.
The instructions for posting this log are in my previous post.






goran9888 (AMF Tim)

offline
  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00000015

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8A38000 \WINDOWS\system32\KDCOM.DLL
0xF8948000 \WINDOWS\system32\BOOTVID.dll
0xF84E9000 ACPI.sys
0xF8A3A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84D8000 pci.sys
0xF8538000 isapnp.sys
0xF8B00000 PCIIde.sys
0xF87B8000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8A3C000 intelide.sys
0xF8548000 MountMgr.sys
0xF84B9000 ftdisk.sys
0xF8A3E000 dmload.sys
0xF8493000 dmio.sys
0xF87C0000 PartMgr.sys
0xF8558000 VolSnap.sys
0xF847B000 atapi.sys
0xF8568000 disk.sys
0xF8578000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF845C000 fltMgr.sys
0xF8406000 SYMDS.SYS
0xF83F4000 sr.sys
0xF83C7000 SYMEFA.SYS
0xF8588000 PxHelp20.sys
0xF83B0000 KSecDD.sys
0xF8323000 Ntfs.sys
0xF82F6000 NDIS.sys
0xF82DB000 Mup.sys
0xF8718000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF81DB000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF81C7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8840000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF81A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8848000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF817E000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8728000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8850000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8858000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8860000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8738000 \SystemRoot\system32\DRIVERS\serial.sys
0xF89E0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF816A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF814F000 \SystemRoot\system32\drivers\ac97ich4.sys
0xF812D000 \SystemRoot\system32\drivers\portcls.sys
0xF8748000 \SystemRoot\system32\drivers\drmk.sys
0xF810A000 \SystemRoot\system32\drivers\ks.sys
0xF8BAF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8758000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF89E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF80F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8768000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8778000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8868000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF80E2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8788000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8870000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8878000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7F92000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8798000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8A62000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7F36000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A04000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF87A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF85B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A64000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8880000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xEF6D7000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
0xEF6B8000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
0xF85E8000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
0xEF547000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF8A72000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C3C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A74000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88A8000 \SystemRoot\System32\drivers\vga.sys
0xF8A76000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A78000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88B0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88B8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8296000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF500000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF4A8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF451000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
0xEF430000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF85F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEF3DB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100908.001\IDSxpx86.sys
0xEF3B3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEF391000 \SystemRoot\System32\drivers\afd.sys
0xF8608000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEF365000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEF2F6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8638000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF298000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEF27B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEF1FC000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
0xEF150000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xEF110000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A84000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF88E0000 \SystemRoot\System32\watchdog.sys
0xF7F76000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8B8A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E1000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D3000 \SystemRoot\System32\ialmrnt5.dll
0xBFA00000 \SystemRoot\System32\ialmdev5.DLL
0xBFA1F000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEEFE8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEED7D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEED40000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF048000 \SystemRoot\system32\drivers\sysaudio.sys
0xEEA66000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8AF2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEE9EB000 \SystemRoot\system32\DRIVERS\srv.sys
0xF87D8000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xEE591000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xEE398000 \SystemRoot\System32\Drivers\HTTP.sys
0xEE0E2000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100908.035\NAVEX15.SYS
0xEE0CE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100908.035\NAVENG.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
412 C:\WINDOWS\system32\smss.exe
464 csrss.exe
488 C:\WINDOWS\system32\winlogon.exe
532 C:\WINDOWS\system32\services.exe
544 C:\WINDOWS\system32\lsass.exe
696 C:\WINDOWS\system32\svchost.exe
788 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
972 svchost.exe
1120 C:\WINDOWS\explorer.exe
1156 svchost.exe
1276 C:\WINDOWS\system32\spoolsv.exe
1424 C:\WINDOWS\system32\igfxtray.exe
1436 C:\WINDOWS\system32\hkcmd.exe
1448 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1460 C:\Program Files\Winamp\winampa.exe
1476 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
1484 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
1492 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1516 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1524 C:\WINDOWS\system32\ctfmon.exe
1672 C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
1728 C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
1792 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1844 sqlservr.exe
1868 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
1984 wdfmgr.exe
1604 C:\WINDOWS\system32\wscntfy.exe
1780 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
2376 alg.exe
2236 C:\Documents and Settings\PC\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000004`e22d6a00 (NTFS)

PhysicalDrive0 Model Number: IC35L040AVVN07-0, Rev: VA2OAF1A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

How is the computer doing now?

offline
  • Joined: 13 Apr 2008
  • Posts: 79
  • Location: Republika Srpska

It seems to work OK now. In any case, it is faster now. Thanks a lot!

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The log is clean, which means there is no longer any malware on the computer.



----------------------------------------------------------------------------------------

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search field if Run is not available.

In the text entry line type (paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.


-------------------------------------------------------------------------------------



Recommendation:

- I recommend that you install Service Pack 3. I will not go into its advantages over SP2; you can find that information on the net. Mainly, MS has ended support for Service Pack 2, which is installed on your computer, and that is one more problem.
- If you have problems with the computer (e.g. you want to speed up/unburden Windows), open a new topic in the appropriate subforum (e.g. in the Windows section).

-------------------------------------------------------------------------------------





With this post we end the discussion in this topic.



Thank you for trusting AMF Tim. Cheers



Regards,
goran9888 (AMF Tim)
