Help!!!


offline
  • Joined: 12 Nov 2007
  • Posts: 64

ComboFix 09-01-01.02 - Bane 2009-01-02 20:16:43.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3284 [GMT -8:00]
Running from: c:\documents and settings\Bane\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bane\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-28 23:06 . 2008-12-28 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-12-28 23:02 . 2007-03-07 15:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-28 23:02 . 2007-03-07 15:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-28 23:02 . 2007-03-07 15:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-23 23:48 . 2008-12-23 23:48 <DIR> d-------- c:\program files\uTorrent
2008-12-23 23:48 . 2008-12-24 20:43 <DIR> d-------- c:\documents and settings\Bane\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 03:38 --------- d-----w c:\program files\Mv2Player
2008-12-29 07:35 --------- d-----w c:\program files\Winamp
2008-12-28 01:24 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-24 07:43 --------- d-----w c:\program files\Micro DVD Player
2008-12-20 03:23 --------- d-----w c:\documents and settings\Bane\Application Data\Digidesign
2008-12-20 03:22 --------- d-----w c:\documents and settings\Bane\Application Data\Waves Preferences
2008-12-20 03:22 --------- d-----w c:\documents and settings\Bane\Application Data\PACE Anti-Piracy
2008-12-20 03:22 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-28 04:07 --------- d-----w c:\documents and settings\Bane\Application Data\Waves
2008-11-28 04:00 --------- d-----w c:\program files\MusicLab
2008-11-28 03:58 --------- d-----w c:\program files\Waves
2008-11-24 17:31 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-24 17:31 --------- d-----w c:\program files\Adobe Media Player
2008-11-24 17:12 --------- d-----w c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-06-01 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-19 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-07-05 16384]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-05-07 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-07-10 143624]
S3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys [2007-03-14 95712]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-05-07 47624]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-07-10 143624]
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-02 20:17:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-02 20:17:53
ComboFix-quarantined-files.txt 2009-01-03 04:17:49
ComboFix2.txt 2009-01-03 03:42:58
ComboFix3.txt 2009-01-03 03:03:52

Pre-Run: 4,885,929,984 bytes free
Post-Run: 4,877,398,016 bytes free

121

Addendum: 02 Jan 2009 21:29

ComboFix 09-01-01.02 - Bane 2009-01-02 20:22:52.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3275 [GMT -8:00]
Running from: c:\documents and settings\Bane\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bane\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 23:06 . 2008-12-28 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-28 23:06 . 2008-12-28 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-12-28 23:02 . 2007-03-07 15:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-28 23:02 . 2007-03-07 15:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-28 23:02 . 2007-03-07 15:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-23 23:48 . 2008-12-23 23:48 <DIR> d-------- c:\program files\uTorrent
2008-12-23 23:48 . 2008-12-24 20:43 <DIR> d-------- c:\documents and settings\Bane\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 03:38 --------- d-----w c:\program files\Mv2Player
2008-12-29 07:35 --------- d-----w c:\program files\Winamp
2008-12-28 01:24 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-24 07:43 --------- d-----w c:\program files\Micro DVD Player
2008-12-20 03:23 --------- d-----w c:\documents and settings\Bane\Application Data\Digidesign
2008-12-20 03:22 --------- d-----w c:\documents and settings\Bane\Application Data\Waves Preferences
2008-12-20 03:22 --------- d-----w c:\documents and settings\Bane\Application Data\PACE Anti-Piracy
2008-12-20 03:22 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-28 04:07 --------- d-----w c:\documents and settings\Bane\Application Data\Waves
2008-11-28 04:00 --------- d-----w c:\program files\MusicLab
2008-11-28 03:58 --------- d-----w c:\program files\Waves
2008-11-24 17:31 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-24 17:31 --------- d-----w c:\program files\Adobe Media Player
2008-11-24 17:12 --------- d-----w c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-06-01 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-19 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-07-05 16384]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-05-07 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-07-10 143624]
S3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys [2007-03-14 95712]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-05-07 47624]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-07-10 143624]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-02 20:23:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-02 20:23:32
ComboFix-quarantined-files.txt 2009-01-03 04:23:26
ComboFix2.txt 2009-01-03 04:17:54
ComboFix3.txt 2009-01-03 03:42:58
ComboFix4.txt 2009-01-03 03:03:52

Pre-Run: 4,867,547,136 bytes free
Post-Run: 4,859,535,360 bytes free

123

Addendum: 02 Jan 2009 21:32

Did you get the ComboFix log?


Addendum: 02 Jan 2009 21:50

Did you get the ComboFix log? What's going on?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This now looks the way it should.

Let's uninstall ComboFix:

Click START, then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

You can delete HijackThis manually.

offline
  • Joined: 12 Nov 2007
  • Posts: 64

It won't accept the name combofix /u

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Then try entering the following in that Run box:
c:\documents and settings\Bane\Desktop\ComboFix.exe /u
Note the space before "/u".
It's best to copy/paste it from here; that way you can't get it wrong.

offline
  • Joined: 12 Nov 2007
  • Posts: 64

There, I copied everything over but it won't work. I don't know what's going on.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

No problem, then we'll do it manually.

Delete the following folders:
C:\QooBox\
C:\ComboFix\

And delete ComboFix from the desktop.

offline
  • Joined: 12 Nov 2007
  • Posts: 64

I deleted them. Is that all, or is there something else?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That's all ;)

offline
  • Joined: 12 Nov 2007
  • Posts: 64

Thanks, buddy.
