Slow computer


  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 06 May 2009 23:30

nestor91028 :: which text? it doesn't say anything?
sorry, I didn't see it earlier, it opened a bit slowly for me

Addendum: 06 May 2009 23:42

ComboFix 09-05-05.05 - Nikola 06.05.2009 23:30.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.381.1033.18.511.85 [GMT 2:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-06 20:57 . 2009-05-06 20:57 -------- d-----w c:\program files\Common Files\xing shared
2009-05-06 17:07 . 2009-05-06 17:07 -------- d-----w c:\program files\CCleaner
2009-05-06 08:37 . 2009-05-06 16:28 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 08:26 . 2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 08:26 . 2009-05-06 08:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 08:25 . 2009-05-06 08:25 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 08:25 . 2009-05-06 15:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\program files\AVG
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 20:02 . 2009-05-05 20:18 -------- d-----w c:\program files\Online TV Player 4
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Dexpot
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-04 14:15 . 2009-05-04 14:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 18:22 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-03 18:22 . 2003-02-28 16:26 171792 ----a-w c:\windows\system32\wjview.exe
2009-05-03 18:22 . 2003-02-28 16:26 172304 ----a-w c:\windows\system32\jview.exe
2009-05-03 18:22 . 2003-02-28 16:26 49424 ----a-w c:\windows\system32\clspack.exe
2009-05-02 19:41 . 2009-05-02 19:41 -------- d-----w c:\program files\YouTube Downloader
2009-05-02 05:45 . 2006-02-28 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 18:47 . 2009-05-06 18:13 -------- d-----w c:\documents and settings\Nikola\Application Data\Hamachi
2009-05-01 18:46 . 2009-05-01 18:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 18:46 . 2009-05-01 18:47 -------- d-----w c:\program files\Hamachi
2009-05-01 18:33 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 18:33 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 18:33 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 18:33 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 18:00 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Favorites
2009-05-01 17:56 . 2009-05-01 20:00 -------- d-----w c:\documents and settings\Nikola\Contacts
2009-05-01 17:52 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-01 17:52 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-01 17:51 . 2009-05-01 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-01 17:49 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-01 17:47 . 2009-05-01 17:47 -------- d-----w c:\program files\MSN Messenger
2009-04-30 22:14 . 2009-04-30 22:14 -------- d-----w c:\documents and settings\Nikola\Application Data\Deckadance
2009-04-30 22:08 . 2009-05-01 20:58 -------- d-----w c:\program files\Image-Line
2009-04-30 22:07 . 2009-04-30 22:07 -------- d-----w c:\program files\VstPlugins
2009-04-30 21:48 . 2009-05-01 18:49 -------- d-----w c:\documents and settings\Nikola\Application Data\MyRadioPlayer
2009-04-30 21:44 . 2009-05-01 18:49 -------- d-----w c:\program files\MyRadioPlayer
2009-04-30 21:44 . 2009-04-30 21:44 -------- d-----w c:\program files\AskSBar
2009-04-30 21:37 . 2009-04-30 21:37 -------- d-----w c:\documents and settings\Nikola\Local Settings\Application Data\Mozilla
2009-04-30 19:18 . 2009-04-30 19:18 -------- d-----w c:\windows\Sun
2009-04-30 18:27 . 2009-04-30 18:27 -------- d-----w c:\program files\GameTop.com
2009-04-30 17:10 . 2009-04-30 17:10 197120 ----a-w c:\windows\system32\New Golf GTI screensaver.scr
2009-04-30 17:10 . 2009-04-30 17:10 -------- d-----w c:\windows\system32\New Golf GTI screensaver dir
2009-04-22 22:09 . 2009-04-22 22:09 -------- d-----w c:\program files\INT=CHAR
2009-04-20 11:54 . 2009-05-01 20:38 -------- d-----w c:\program files\Valve
2009-04-18 20:43 . 2009-04-18 20:43 -------- d-----w c:\program files\Novel Games
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\Nikola\Application Data\Pioneer
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\windows\system32\ipp20

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 20:57 . 2007-10-07 10:51 -------- d-----w c:\program files\Common Files\Real
2009-05-06 20:57 . 2007-10-07 10:50 -------- d-----w c:\program files\Real
2009-05-06 20:57 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-06 20:55 . 2007-10-07 10:26 -------- d-----w c:\program files\Google
2009-05-06 20:09 . 2008-08-11 22:11 -------- d-----w c:\program files\FlashGet
2009-05-06 18:14 . 2008-07-23 10:11 -------- d-----w c:\program files\SysMetrix
2009-05-06 07:43 . 2007-09-28 21:12 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 14:17 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:22 . 2009-05-03 18:22 2232 ----a-w c:\windows\java\Packages\Data\Z5BBJ797.DAT
2009-05-03 18:22 . 2009-05-03 18:22 155995 ----a-w c:\windows\java\Packages\X7LBNNDF.ZIP
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\6IRJTBXN.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\U857R17J.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\MPNBXNTF.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\8QT3BTBJ.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\B5RVNJPR.DAT
2009-05-02 19:42 . 2007-10-07 10:26 -------- d-----w c:\program files\DivX
2009-05-02 05:56 . 2007-03-15 20:57 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-01 20:57 . 2009-01-12 19:29 -------- d-----w c:\program files\Counter Strike - SRPSKA CAST
2009-05-01 11:57 . 2007-08-08 11:09 134832 ----a-w c:\documents and settings\Nikola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 08:16 . 2007-03-15 21:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 21:47 . 2009-01-28 13:17 -------- d-----w c:\program files\Java
2009-03-28 22:14 . 2008-07-17 21:45 -------- d-----w c:\program files\SpeedFan
2009-03-21 17:40 . 2008-05-06 19:56 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-13 16:18 . 2008-07-21 18:56 -------- d-----w c:\program files\ImTOO
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\Nokia
2009-03-12 13:14 . 2009-03-12 13:13 -------- d-----w c:\program files\Nokia
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\DIFX
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-06 14:00 . 2007-03-15 19:08 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2007-03-15 19:08 1227776 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2007-03-15 19:08 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2007-03-15 19:08 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2007-03-15 19:08 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2007-03-15 19:08 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2007-03-15 19:08 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2007-03-15 19:08 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 18:09 . 2009-02-08 18:08 107424 ----a-w c:\windows\hpqins11.dat
2009-02-08 18:08 . 2008-12-31 17:05 141021 ----a-w c:\windows\hpoins14.dat
2009-02-06 10:32 . 2007-03-15 19:08 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2007-03-15 19:08 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2007-03-15 19:08 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-20 13:11 . 2008-12-20 13:11 139 --sh--w c:\program files\desktop.ini
.

------- Sigcheck -------

[7] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[7] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2006-02-28 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[7] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[7] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB883939$\wininet.dll
[7] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896688$\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:05 1224704 F846FBB81B253FAF23036EEAD0455144 c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp2qfe\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp3gdr\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp3qfe\wininet.dll
[-] 2009-02-20 08:14 1227776 A5B96F46650BEA35CCA41D14A1464160 c:\windows\system32\wininet.dll
[-] 2009-02-20 08:14 1227776 A5B96F46650BEA35CCA41D14A1464160 c:\windows\system32\dllcache\wininet.dll

[-] 2005-04-05 18:06 1880576 7848D851A023380C9702CC9D0C791113 c:\windows\explorer.exe
[7] 2006-02-28 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB898543$\explorer.exe
[-] 2005-04-05 18:06 1880576 7848D851A023380C9702CC9D0C791113 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-06_18.08.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-04 14:17 . 2009-05-04 14:17 5632 c:\windows\system32\pndx5032.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 5632 c:\windows\system32\pndx5032.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 6656 c:\windows\system32\pndx5016.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 6656 c:\windows\system32\pndx5016.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-06 20:57 . 2009-05-06 20:57 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 278528 c:\windows\system32\pncrt.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 278528 c:\windows\system32\pncrt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 1957888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [BU]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HService"="c:\windows\msservice.exe" [BU]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-06 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[BU]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\INT=CHAR\\Na Kosovo Ravno\\hl.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
"1508:UDP"= 1508:UDP:Windows Media Format SDK (InternetTV.exe)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.5.2009 10:26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.5.2009 10:25 298776]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [7.10.2007 11:35 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [7.10.2007 11:35 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [7.10.2007 11:35 8864]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S2 gupdate1c9ce8d46a6744;Услуга Google Update (gupdate1c9ce8d46a6744);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2009 22:55 133104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 GAGPDrv;GAGPDrv;c:\windows\system32\drivers\GAGPDrv.sys [31.5.2008 12:21 4764]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE1C9CE8D46A6744

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 20:55]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local.,
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=2&q=
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{1755e943-b0af-431b-8ba7-3a74879720dd}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-06 23:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2503863038-3716547860-1000463515-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
mod by bobby: I removed the OODefrag hex key, which was so long that it broke the page layout on the forum.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-05-06 23:37
ComboFix-quarantined-files.txt 2009-05-06 21:36
ComboFix2.txt 2009-05-06 20:33

Pre-Run: 8.348.258.304 bytes free
Post-Run: 8.356.974.592 bytes free

309 --- E O F --- 2009-05-06 05:53

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Run HijackThis, scan, and tick the checkbox in front of the following line:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS

and click FIX CHECKED.

Then post me a new HijackThis log.
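The review helen1 is doing by hand above (reading a HijackThis log and picking out the one O8 entry that points somewhere it should not) can be scripted. The following is an added example, not part of this thread and not code from HijackThis or ComboFix: a Python triage helper that parses HijackThis-style lines and surfaces the things a responder checks first: entries whose target is "(no file)", processes and autoruns launched from user-profile paths, double extensions such as `.exe.exe`, Run values given as a bare filename (resolved through the search path, so it is worth confirming which file actually runs), and URL-bearing entries whose host is not on a reviewed allowlist. The allowlist `REVIEWED_HOSTS`, the check names and the helper functions are assumptions of this example; the sample lines are copied from the HijackThis log posted in this thread, not the whole log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample for this example: a few lines copied from the HijackThis log
# posted in this thread (not the whole log), chosen to exercise every check below.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\Нова фасцикла\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
"""

# Assumption of this example: hosts the analyst has already reviewed and accepts.
# Any browser setting or menu item pointing at another host is surfaced for review.
REVIEWED_HOSTS = {"runonce.msn.com", "g.msn.co.uk", "go.microsoft.com", "www.google.com", "yahoo.com"}

# HijackThis sections whose target is normally a URL or host rather than a file.
URL_SECTIONS = {"R0", "R1", "O8", "O15", "O16", "O17"}

EXEC_EXT = r"(?:exe|scr|com|pif|bat|cmd)"
DOUBLE_EXT = re.compile(rf"\.{EXEC_EXT}\.{EXEC_EXT}$", re.I)
# Per-user profile locations on XP that any program running as the user can write to.
USER_WRITABLE = re.compile(r"\\documents and settings\\[^\\]+\\(?:desktop|application data|local settings)\\", re.I)
# Host at the start of a target, with or without a scheme; res:// and drive paths do not match.
HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?:]|$)", re.I)
OLINE = re.compile(r"^([ORF]\d+) - (.*)$")


def parse(log_text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into the 'Running processes' paths and (section, body) items."""
    processes, items, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False  # blank line ends the process list
            else:
                processes.append(line)
            continue
        m = OLINE.match(line)
        if m:
            items.append((m.group(1), m.group(2)))
    return processes, items


def target_of(body: str) -> str:
    """Last ' - ' or ' = ' separated field of a non-O4 line: the path or URL it points at."""
    for sep in (" - ", " = "):
        if sep in body:
            return body.rsplit(sep, 1)[1].strip()
    return body.strip()


def o4_target(body: str) -> str:
    """Path launched by an O4 entry: text after '[name]' (or after ' = ' for Startup items),
    minus surrounding quotes and trailing arguments."""
    if "]" in body:
        tail = body.split("]", 1)[1].strip()
    elif " = " in body:
        tail = body.split(" = ", 1)[1].strip()
    else:
        tail = body.strip()
    if tail.startswith('"'):
        return tail[1:].split('"', 1)[0]
    m = re.match(rf"(.*?\.{EXEC_EXT})(?:\s|$)", tail, re.I)
    return m.group(1) if m else tail


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return a list of {'check', 'line'} findings; each is a lead to verify, not a verdict."""
    findings: List[Dict[str, str]] = []

    def add(check: str, line: str) -> None:
        findings.append({"check": check, "line": line})

    processes, items = parse(log_text)
    for path in processes:
        if USER_WRITABLE.search(path):
            add("user-writable-path", path)
        if DOUBLE_EXT.search(path):
            add("double-extension", path)
    for section, body in items:
        line = f"{section} - {body}"
        target = o4_target(body) if section == "O4" else target_of(body)
        if target == "(no file)":
            add("orphaned-entry", line)  # registration left behind without its binary
            continue
        if section == "O4" and "\\" not in target:
            add("bare-filename-autorun", line)  # resolved via the search path at logon
        if USER_WRITABLE.search(target):
            add("user-writable-path", line)
        if DOUBLE_EXT.search(target):
            add("double-extension", line)
        if section in URL_SECTIONS:
            m = HOST.match(target)
            if m and m.group(1).lower() not in REVIEWED_HOSTS:
                add("unreviewed-host", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['check']:22} {f['line']}")
```

On the sample above this reports the mywebsearch O8 entry that helen1 asked to fix, the orphaned BHO, the `RTHDCPL.EXE` bare-filename Run value, and `TR3.exe.exe` on the Desktop (both for its location and its double extension). None of these is a verdict; the point of the script is to reduce a long log to the handful of lines worth opening by hand.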

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 06 May 2009 23:55

I found it, but when I clicked Fix Checked no log appeared, and afterwards it disappeared; now it's gone

Addendum: 06 May 2009 23:57

now I understand what you're asking for, here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:27, on 6.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\Нова фасцикла\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comtradegroup.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9ce8d46a6744) (gupdate1c9ce8d46a6744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - crveneberetke.com/images/crveneberetke.com_desktop002.JPG

--
End of file - 12362 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

How is it now?

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Much better than before, but the computer is quite slow at the start; it needs about five minutes before it works normally.

Cheers......

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

OK.

Uninstalling ComboFix:
Click START and then RUN.

In the text box type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

If there are any problems, just shout.

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 07 May 2009 0:42

OK, I have added you as an MSN contact in case anything comes up.

Thanks for everything and cheers...

Update: 07 May 2009 16:55

It took a while, but here is the log:

ComboFix 09-05-05.05 - Nikola 07.05.2009 16:39.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.381.1033.18.511.186 [GMT 2:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-06 20:57 . 2009-05-06 20:57 -------- d-----w c:\program files\Common Files\xing shared
2009-05-06 17:07 . 2009-05-06 17:07 -------- d-----w c:\program files\CCleaner
2009-05-06 08:37 . 2009-05-07 12:57 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 08:26 . 2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 08:26 . 2009-05-06 08:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 08:25 . 2009-05-06 08:25 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 08:25 . 2009-05-07 11:45 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\program files\AVG
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 20:02 . 2009-05-05 20:18 -------- d-----w c:\program files\Online TV Player 4
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Dexpot
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-04 14:15 . 2009-05-04 14:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 18:22 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-03 18:22 . 2003-02-28 16:26 171792 ----a-w c:\windows\system32\wjview.exe
2009-05-03 18:22 . 2003-02-28 16:26 172304 ----a-w c:\windows\system32\jview.exe
2009-05-03 18:22 . 2003-02-28 16:26 49424 ----a-w c:\windows\system32\clspack.exe
2009-05-02 19:41 . 2009-05-02 19:41 -------- d-----w c:\program files\YouTube Downloader
2009-05-02 05:45 . 2006-02-28 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 18:47 . 2009-05-07 11:42 -------- d-----w c:\documents and settings\Nikola\Application Data\Hamachi
2009-05-01 18:46 . 2009-05-01 18:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 18:33 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 18:33 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 18:33 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 18:33 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 18:00 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Favorites
2009-05-01 17:56 . 2009-05-01 20:00 -------- d-----w c:\documents and settings\Nikola\Contacts
2009-05-01 17:52 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-01 17:52 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-01 17:51 . 2009-05-01 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-01 17:49 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-01 17:47 . 2009-05-01 17:47 -------- d-----w c:\program files\MSN Messenger
2009-04-30 22:14 . 2009-04-30 22:14 -------- d-----w c:\documents and settings\Nikola\Application Data\Deckadance
2009-04-30 22:08 . 2009-05-01 20:58 -------- d-----w c:\program files\Image-Line
2009-04-30 22:07 . 2009-04-30 22:07 -------- d-----w c:\program files\VstPlugins
2009-04-30 21:48 . 2009-05-01 18:49 -------- d-----w c:\documents and settings\Nikola\Application Data\MyRadioPlayer
2009-04-30 21:44 . 2009-05-01 18:49 -------- d-----w c:\program files\MyRadioPlayer
2009-04-30 21:44 . 2009-04-30 21:44 -------- d-----w c:\program files\AskSBar
2009-04-30 21:37 . 2009-04-30 21:37 -------- d-----w c:\documents and settings\Nikola\Local Settings\Application Data\Mozilla
2009-04-30 19:18 . 2009-04-30 19:18 -------- d-----w c:\windows\Sun
2009-04-30 18:27 . 2009-04-30 18:27 -------- d-----w c:\program files\GameTop.com
2009-04-30 17:10 . 2009-04-30 17:10 197120 ----a-w c:\windows\system32\New Golf GTI screensaver.scr
2009-04-30 17:10 . 2009-04-30 17:10 -------- d-----w c:\windows\system32\New Golf GTI screensaver dir
2009-04-22 22:09 . 2009-04-22 22:09 -------- d-----w c:\program files\INT=CHAR
2009-04-20 11:54 . 2009-05-01 20:38 -------- d-----w c:\program files\Valve
2009-04-18 20:43 . 2009-04-18 20:43 -------- d-----w c:\program files\Novel Games
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\Nikola\Application Data\Pioneer
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\windows\system32\ipp20

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 12:13 . 2008-08-11 22:11 -------- d-----w c:\program files\FlashGet
2009-05-07 12:13 . 2009-02-19 19:15 -------- d-----w c:\program files\Winamp
2009-05-07 12:05 . 2007-10-07 10:26 -------- d-----w c:\program files\Google
2009-05-07 11:41 . 2008-07-23 10:11 -------- d-----w c:\program files\SysMetrix
2009-05-06 20:57 . 2007-10-07 10:51 -------- d-----w c:\program files\Common Files\Real
2009-05-06 20:57 . 2007-10-07 10:50 -------- d-----w c:\program files\Real
2009-05-06 20:57 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-06 07:43 . 2007-09-28 21:12 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 14:17 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:22 . 2009-05-03 18:22 2232 ----a-w c:\windows\java\Packages\Data\Z5BBJ797.DAT
2009-05-03 18:22 . 2009-05-03 18:22 155995 ----a-w c:\windows\java\Packages\X7LBNNDF.ZIP
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\6IRJTBXN.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\U857R17J.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\MPNBXNTF.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\8QT3BTBJ.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\B5RVNJPR.DAT
2009-05-02 19:42 . 2007-10-07 10:26 -------- d-----w c:\program files\DivX
2009-05-02 05:56 . 2007-03-15 20:57 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-01 20:57 . 2009-01-12 19:29 -------- d-----w c:\program files\Counter Strike - SRPSKA CAST
2009-05-01 11:57 . 2007-08-08 11:09 134832 ----a-w c:\documents and settings\Nikola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 08:16 . 2007-03-15 21:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 21:47 . 2009-01-28 13:17 -------- d-----w c:\program files\Java
2009-03-28 22:14 . 2008-07-17 21:45 -------- d-----w c:\program files\SpeedFan
2009-03-21 17:40 . 2008-05-06 19:56 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-13 16:18 . 2008-07-21 18:56 -------- d-----w c:\program files\ImTOO
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\Nokia
2009-03-12 13:14 . 2009-03-12 13:13 -------- d-----w c:\program files\Nokia
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\DIFX
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-06 14:00 . 2007-03-15 19:08 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2007-03-15 19:08 1227776 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2007-03-15 19:08 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2007-03-15 19:08 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2007-03-15 19:08 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2007-03-15 19:08 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2007-03-15 19:08 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2007-03-15 19:08 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 18:09 . 2009-02-08 18:08 107424 ----a-w c:\windows\hpqins11.dat
2009-02-08 18:08 . 2008-12-31 17:05 141021 ----a-w c:\windows\hpoins14.dat
2008-12-20 13:11 . 2008-12-20 13:11 139 --sh--w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 1957888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-06 198160]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Nikola\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Nikola\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\INT=CHAR\\Na Kosovo Ravno\\hl.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
"1508:UDP"= 1508:UDP:Windows Media Format SDK (InternetTV.exe)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.5.2009 10:26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.5.2009 10:25 298776]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [7.10.2007 11:35 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [7.10.2007 11:35 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [7.10.2007 11:35 8864]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 GAGPDrv;GAGPDrv;c:\windows\system32\drivers\GAGPDrv.sys [31.5.2008 12:21 4764]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HService - c:\windows\msservice.exe
Notify-avldr - (no file)


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local.,
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=2&q=
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{1755e943-b0af-431b-8ba7-3a74879720dd}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-07 16:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2503863038-3716547860-1000463515-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="D03B48AD5044A22
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(140)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-05-07 16:50
ComboFix-quarantined-files.txt 2009-05-07 14:48
ComboFix2.txt 2009-05-06 21:37

Pre-Run: 10.872.872.960 bytes free
Post-Run: 10.861.998.080 bytes free

263 --- E O F --- 2009-05-06 22:48

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Turn off the AV.

Open Notepad and paste in the following text:

File::
c:\windows\msservice.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HService"=-

Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next reply, post the log that is produced at the end of the cleaning/scan.
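As an added example that is not part of the thread, here is a small Python triage script for HijackThis O4 lines like the ones posted above: it extracts the image path from each autorun entry (Run keys and Startup folder links) and flags the entries a malware-removal helper looks at first, binaries sitting directly in the Windows root (as msservice.exe does here) or in user-writable locations such as a profile or Temp folder. The sample lines are constructed after the shape of the posted log; the "updater" entry is made up to exercise the second rule.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of a HijackThis O4 section (not the thread's
# own log). The msservice.exe line mirrors the entry the helper asked to remove;
# the "updater" line is invented to show the user-writable-location rule.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Nikola\Local Settings\Temp\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
"""

# "O4 - <hive>\...\Run: [<value name>] <command line>"
REG_ENTRY = re.compile(r"^O4 - (?P<hive>HK\w+)\\.*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O4 - Startup: <link name> = <target>" and the Global Startup variant
STARTUP_ENTRY = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

QUOTED = re.compile(r'^"([^"]+)"')
UNQUOTED = re.compile(r"^(.+?\.(?:exe|scr|com|bat|cmd|pif|dll))", re.IGNORECASE)

# Folder names that an ordinary user account can write to.
USER_WRITABLE = {"temp", "tmp", "documents and settings", "users",
                 "appdata", "local settings", "application data"}


def image_path(cmd: str) -> str:
    """Strip quotes, arguments and HijackThis annotations from a command line."""
    m = QUOTED.match(cmd) or UNQUOTED.match(cmd)
    return m.group(1) if m else cmd.strip()


def review_reasons(path: str) -> list:
    """Return the reasons (possibly none) why this image path deserves a look."""
    parts = [p.lower().rstrip("\\") for p in PureWindowsPath(path).parts]
    reasons = []
    # e.g. ('c:', 'windows', 'msservice.exe'): a loose binary in the Windows root
    if len(parts) == 3 and parts[1] == "windows":
        reasons.append("binary directly in the Windows root")
    # any intermediate folder that a normal user can write to
    if any(p in USER_WRITABLE for p in parts[1:-1]):
        reasons.append("binary in a user-writable location")
    return reasons


def parse_o4(text: str) -> list:
    """Turn O4 lines into dicts with hive, value name, image path and reasons."""
    entries = []
    for line in text.splitlines():
        m = REG_ENTRY.match(line) or STARTUP_ENTRY.match(line)
        if not m:
            continue
        path = image_path(m.group("cmd"))
        entries.append({"hive": m.group("hive"), "name": m.group("name"),
                        "path": path, "reasons": review_reasons(path)})
    return entries


def flagged_entries(text: str) -> list:
    """Only the entries that have at least one review reason."""
    return [e for e in parse_o4(text) if e["reasons"]]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_O4_LINES):
        print(f"{e['hive']:>14} [{e['name']}] {e['path']}  <- {'; '.join(e['reasons'])}")
```

The output is a list of review candidates, not verdicts: some vendors do drop legitimate files into the Windows root, so each hit still needs the usual check of publisher, signature and hash.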
