problem

problem

offline
  • Pridružio: 24 Jan 2009
  • Poruke: 87

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:12 PM, on 7/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Milos\Policies\catsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.divx.com/postinstall/win/en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Milos\Policies\catsrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Milos\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9547 bytes


Imam problem sto mi malo koci racunar i takodje malo veci problem sto mi microsoft office ne radi tj izbacuje mi poruku da nemam dovoljno memorije te da ne moze da se pokrene.Iako imam na hardu slobodno 60tak GB kao i 2 Gb Ram memorije.
Hvala unapred

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pozdrav

Preuzmi SysProt AntiRootkit sa sledeće stranice:

SysProt downlaod

Na strani koja se otvori treba kliknuti "here" link.



Raspakuj arhivu u neki folder (uputstvo), a zatim:
dvoklikom pokreni program i pređi na Log karticu;

štikliraj svih osam stavki i klikni Create log;

nakon određenog vremena će se pojaviti upit u kome treba obeležiti
Scan root drive only i kliknuti Start;

po završetku skeniranja pojaviće se obaveštenje koje treba zatvoriti klikom na OK;

izveštaj (log) će biti sačuvan u istom folderu u kome se nalazi i sam program.



Priloži kreirani izveštaj uz poruku korišćenjem opcije Prikači fajl.

offline
  • Pridružio: 24 Jan 2009
  • Poruke: 87

mycity.rs/must-login.png

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Idemo dalje...


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 24 Jan 2009
  • Poruke: 87

Napisano: 01 Avg 2009 22:25

ComboFix 09-07-31.04 - Milos 08/01/2009 22:17.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1534 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milos\Desktop\Secret Service.lnk
c:\windows\Installer\2bed7b.msi
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 04:35 . 2009-08-01 04:35 -------- d-----w- c:\documents and settings\Milos\Application Data\Leadertech
2009-08-01 04:30 . 2009-08-01 04:30 -------- d-----w- c:\program files\EA Sports
2009-08-01 04:29 . 2009-08-01 04:30 -------- d-----w- c:\windows\LastGood
2009-07-31 16:00 . 2009-07-31 16:01 -------- d-----w- C:\Buziol Games
2009-07-31 14:33 . 2009-07-31 14:33 -------- d-----w- c:\documents and settings\Milos\Application Data\CyberLink
2009-07-31 09:48 . 2009-07-31 11:40 -------- d-----w- c:\program files\ApexDC++
2009-07-31 08:24 . 2009-07-31 08:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-31 08:17 . 2009-07-31 08:17 -------- d-----w- c:\documents and settings\Milos\WINDOWS
2009-07-30 20:57 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-30 20:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-30 20:51 . 2009-07-30 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 20:51 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-30 20:51 . 2009-07-30 20:51 -------- d-----w- c:\program files\Lavasoft
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\documents and settings\Milos\Application Data\Desktopicon
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\program files\Unlocker
2009-07-30 09:45 . 2009-07-30 09:45 -------- d-sh--w- c:\windows\ftpcache
2009-07-30 09:42 . 2009-07-30 09:42 -------- d-----w- c:\program files\Activision Value
2009-07-30 08:20 . 2009-07-30 08:20 -------- d-----w- c:\documents and settings\Milos\Application Data\BlackBean
2009-07-30 07:22 . 2009-07-30 07:22 -------- d-----w- c:\windows\Cache
2009-07-30 07:15 . 2009-07-30 07:15 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\HP
2009-07-29 20:49 . 2009-07-29 20:49 -------- d-----w- c:\program files\Jufsoft
2009-07-28 14:15 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
2009-07-28 14:15 . 2009-05-18 09:00 131072 ----a-w- c:\windows\system32\smdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 15:39 . 2002-01-02 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 08:35 . 2002-01-03 18:22 -------- d-----w- c:\program files\KONAMI
2009-07-30 20:51 . 2002-01-02 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-30 20:51 . 2002-01-02 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 20:24 . 2002-01-03 00:32 -------- d-----w- c:\program files\UBISOFT
2009-07-30 09:54 . 2002-01-02 21:29 -------- d-----w- c:\program files\mIRC
2009-07-29 21:07 . 2002-01-02 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-13 12:36 . 2002-01-02 20:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2002-01-02 20:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 15:10 . 2002-01-02 15:06 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-07-02 17:11 . 2002-01-02 15:06 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2009-06-26 12:37 . 2002-01-02 15:06 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-06-24 08:43 . 2002-01-02 15:06 831488 ----a-r- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2002-01-02 15:06 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-02 16:11 . 2002-01-02 21:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2002-01-02 21:44 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2002-01-02 21:44 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-18 09:00 . 2009-07-28 14:14 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-18 09:00 . 2009-07-28 14:14 1798144 ----a-w- c:\windows\system32\msicpl.dll
2009-05-18 09:00 . 2009-07-28 14:14 130048 ----a-w- c:\windows\system32\MadCHook.dll
2009-05-18 09:00 . 2009-07-28 14:14 32768 ----a-w- c:\windows\system32\Auxiliary.dll
2009-07-15 20:30 . 2002-01-02 17:01 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-02 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"catsrv"="c:\documents and settings\Milos\Policies\catsrv.exe" [2007-04-09 626176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2002-01-02 148888]
"catsrv"="c:\documents and settings\Milos\Policies\catsrv.exe" [2007-04-09 626176]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-02 18665472]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Milos\\Policies\\catsrv.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/30/2009 10:52 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/2/2002 5:19 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2002 5:19 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/3/2002 1:34 AM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/2/2002 10:18 PM 604416]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2002 5:06 PM 1684736]
S3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]

--- Other Services/Drivers In Memory ---

*Deregistered* - SysProtDrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003Core.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003UA.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\fyuod080.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-01 22:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-01 22:20
ComboFix-quarantined-files.txt 2009-08-01 20:20

Pre-Run: 62,275,203,072 bytes free
Post-Run: 62,252,085,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

214

Dopuna: 02 Avg 2009 15:24

Primetih da mi je sad malo brzi komp.trebalo bi da je to to ili...?

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Nismo još završili.


Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\Documents and Settings\Milos\Policies\catsrv.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"catsrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"catsrv"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Milos\\Policies\\catsrv.exe"=-

DirLook::
c:\documents and settings\Milos\WINDOWS


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 24 Jan 2009
  • Poruke: 87

Izvini sto kasnim,nisam bio kuci,evo:



ComboFix 09-08-09.04 - Milos 08/10/2009 8:42.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1549 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milos\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090809-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Milos\Policies\catsrv.exe"
.

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 06:11 . 2009-08-10 06:11 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-10 06:11 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-10 06:11 . 2009-08-10 06:11 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-10 06:10 . 2009-08-10 06:10 -------- d-----w- c:\windows\LastGood
2009-08-02 15:48 . 2009-08-02 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby
2009-08-02 15:47 . 2009-08-02 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-08-02 15:46 . 2009-08-02 15:51 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\Digsby
2009-08-02 15:46 . 2009-08-02 15:48 -------- d-----w- c:\documents and settings\Milos\Application Data\Digsby
2009-08-02 15:03 . 2009-08-02 15:03 -------- d-----w- c:\program files\Reshade
2009-08-02 14:54 . 2009-08-02 14:54 -------- d-----w- c:\program files\Pravoslavac
2009-08-02 14:47 . 2009-08-02 14:47 -------- d-----w- c:\program files\DiskTrix
2009-08-02 14:39 . 2009-08-02 14:39 -------- d-----w- c:\documents and settings\Milos\Application Data\Recordpad
2009-08-02 11:04 . 2009-08-02 11:04 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\Help
2009-08-02 10:49 . 2009-08-02 10:49 -------- d-----w- c:\windows\SHELLNEW
2009-08-02 10:34 . 2009-08-07 19:12 1 ----a-w- c:\documents and settings\Milos\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-02 10:34 . 2009-08-02 10:34 -------- d-----w- c:\documents and settings\Milos\Application Data\OpenOffice.org
2009-08-02 10:31 . 2009-08-02 10:32 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-02 08:17 . 2009-08-02 14:42 -------- d-----w- c:\documents and settings\Milos\Application Data\Spyware Terminator
2009-08-02 08:17 . 2009-08-02 08:17 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-02 08:17 . 2009-08-02 08:17 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-02 08:17 . 2009-08-02 08:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-02 08:17 . 2009-08-02 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-02 08:17 . 2009-08-02 08:20 -------- d-----w- c:\program files\Spyware Terminator
2009-08-02 08:10 . 2004-03-22 20:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-08-01 21:57 . 2009-08-06 20:56 -------- d-----w- c:\program files\AskBarDis
2009-08-01 21:41 . 2009-08-01 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2009-08-01 21:30 . 2009-08-01 21:30 -------- d-----w- c:\program files\Idoru
2009-08-01 04:35 . 2009-08-01 04:35 -------- d-----w- c:\documents and settings\Milos\Application Data\Leadertech
2009-08-01 04:30 . 2009-08-01 04:30 -------- d-----w- c:\program files\EA Sports
2009-07-31 14:33 . 2009-07-31 14:33 -------- d-----w- c:\documents and settings\Milos\Application Data\CyberLink
2009-07-31 09:48 . 2009-07-31 11:40 -------- d-----w- c:\program files\ApexDC++
2009-07-31 08:24 . 2009-07-31 08:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-31 08:17 . 2009-07-31 08:17 -------- d-----w- c:\documents and settings\Milos\WINDOWS
2009-07-30 20:57 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-30 20:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-30 20:51 . 2009-07-30 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 20:51 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-30 20:51 . 2009-07-30 20:51 -------- d-----w- c:\program files\Lavasoft
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\documents and settings\Milos\Application Data\Desktopicon
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\program files\Unlocker
2009-07-30 09:45 . 2009-07-30 09:45 -------- d-sh--w- c:\windows\ftpcache
2009-07-30 08:20 . 2009-07-30 08:20 -------- d-----w- c:\documents and settings\Milos\Application Data\BlackBean
2009-07-30 07:22 . 2009-07-30 07:22 -------- d-----w- c:\windows\Cache
2009-07-30 07:15 . 2009-07-30 07:15 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\HP
2009-07-29 20:49 . 2009-07-29 20:49 -------- d-----w- c:\program files\Jufsoft
2009-07-28 14:15 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
2009-07-28 14:15 . 2009-05-18 09:00 131072 ----a-w- c:\windows\system32\smdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 06:11 . 2002-01-02 20:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-06 09:17 . 2002-01-02 15:06 72168 ----a-w- c:\documents and settings\Milos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\documents and settings\Milos\Application Data\NCH Swift Sound
2009-08-02 13:45 . 2002-01-02 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-02 08:19 . 2002-01-02 15:38 -------- d-----w- c:\program files\MV2 Player
2009-08-02 07:29 . 2002-01-02 15:16 -------- d-----w- c:\program files\MSBuild
2009-08-01 23:01 . 2002-01-02 15:17 -------- d-----w- c:\program files\Microsoft Works
2009-08-01 22:02 . 2002-01-02 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 08:35 . 2002-01-03 18:22 -------- d-----w- c:\program files\KONAMI
2009-07-30 20:51 . 2002-01-02 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-30 20:51 . 2002-01-02 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 20:24 . 2002-01-03 00:32 -------- d-----w- c:\program files\UBISOFT
2009-07-30 09:54 . 2002-01-02 21:29 -------- d-----w- c:\program files\mIRC
2009-07-29 21:07 . 2002-01-02 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-13 12:36 . 2002-01-02 20:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2002-01-02 20:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 15:10 . 2002-01-02 15:06 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-07-02 17:11 . 2002-01-02 15:06 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2009-06-26 12:37 . 2002-01-02 15:06 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-06-24 08:43 . 2002-01-02 15:06 831488 ----a-r- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2002-01-02 15:06 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-02 16:11 . 2002-01-02 21:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2002-01-02 21:44 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2002-01-02 21:44 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-18 09:00 . 2009-07-28 14:14 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-18 09:00 . 2009-07-28 14:14 1798144 ----a-w- c:\windows\system32\msicpl.dll
2009-05-18 09:00 . 2009-07-28 14:14 130048 ----a-w- c:\windows\system32\MadCHook.dll
2009-05-18 09:00 . 2009-07-28 14:14 32768 ----a-w- c:\windows\system32\Auxiliary.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Milos\WINDOWS ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-15 10:59 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2002-01-02 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-02 18665472]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Milos^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Milos\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Milos^Start Menu^Programs^Startup^Pravoslavac 2008.lnk]
path=c:\documents and settings\Milos\Start Menu\Programs\Startup\Pravoslavac 2008.lnk
backup=c:\windows\pss\Pravoslavac 2008.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/30/2009 10:52 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/2/2002 5:19 PM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2009 10:17 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2002 5:19 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/3/2002 1:34 AM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/10/2009 8:11 AM 604488]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2002 5:06 PM 1684736]
S3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - TUNEUP.PROGRAMSTATISTICSSVC
*NewlyCreated* - UXTUNEUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003Core.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003UA.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\fyuod080.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101810&l=dis
FF - plugin: c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 08:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-10 8:44
ComboFix-quarantined-files.txt 2009-08-10 06:44
ComboFix2.txt 2009-08-10 06:37
ComboFix3.txt 2009-08-01 20:20

Pre-Run: 61,140,901,888 bytes free
Post-Run: 61,122,555,904 bytes free

258

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Ovo sada izgleda ok, nema više tragova malware_a.

Ostalo je još samo da uklonimo ComboFix.


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

Ko je trenutno na forumu
 

Ukupno su 972 korisnika na forumu :: 61 registrovanih, 11 sakrivenih i 900 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, aleksmajstor, Alibaba1981, amaterSRB, Atomski čoban, b_z_b, babaroga, Ben Roj, Bobrock1, brundo65, Buda Baba, cenejac111, dankisha, darkangel, darkstar101, ddjxxi, Denaya, Despot1, djordje92sm, Dorcolac, Dostanic09, DPera, draganl, eighty-one, FileFinder, Georgius, Ivan Campo, ivica976, ivicasimo, jovancc, kaptain, kybonacci, laze2, ljuba, mercedesamg, mihajlot2013, mikrimaus, mile23, Milometer, misasumadinac123, nuki1234, procesor, proka89, promajauglavi, Romibrat, royst33, ruso, Shilok, Shinobi, SlaKoj, Snorks, Srpska zauvjek, strn, t84dar, tmanda323, Vlada1389, Zimbabwe, zixmix, |_MeD_|, Živković