Problem with my computer

  • Joined: 21 Feb 2011
  • Posts: 28

I have a problem with my computer: it freezes a lot, so I don't know whether it is viruses or something else. I have Windows XP Professional Service Pack 2, an Intel Celeron CPU 540 at 1.86 GHz and 1.99 GB of RAM. For protection I use AVG Antivirus and Malwarebytes Anti-Malware; while scanning I deleted several trojans, but obviously not all of them, since it still freezes. I have 33 processes running and my PF usage is high, around 600, almost constantly. I hope someone will explain to me how to solve the problem. I have an ADSL connection. I have about 40 movies on the computer, if that means anything, although a good deal of my memory is free.





DDS (Ver_10-12-12.02) - NTFSx86
Run by dzoni at 18:03:48,65 on pon 21.02.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1254 [GMT 1:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dzoni\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.facemoods.com
mSearchAssistant = hxxp://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
TB: {EE9A4208-64EC-11DE-8440-204256D89593} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
TCP: {5C9E8E41-A12F-4AAE-A077-60447A35E9B5} = 195.66.189.137 195.66.189.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dzoni\applic~1\mozilla\firefox\profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-8-16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-8-16 5248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2011-2-4 475736]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-2-18 93360]
R2 avgfws;AVG zaštitni zid;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 363344]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 20952]
S2 AVP;AVP; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-11 488776]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-3 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]

=============== Created Last 30 ================

2011-02-21 17:01:12 -------- d--h--w- c:\windows\PIF
2011-02-21 12:41:10 -------- d-----w- c:\docume~1\dzoni\applic~1\Uniblue
2011-02-20 19:44:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 13:24:11 -------- d-----w- c:\docume~1\dzoni\applic~1\PCTools
2011-02-18 13:14:18 -------- d-----w- c:\program files\common files\PC Tools
2011-02-18 12:17:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-17 21:42:02 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\NPE
2011-02-17 21:23:50 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:07:47 -------- d-----w- c:\program files\common files\ODBC
2011-02-16 09:05:24 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-14 17:33:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2011-02-14 17:31:43 -------- d-----w- c:\program files\LeeGT-Games
2011-02-11 17:03:08 -------- d-----w- c:\docume~1\dzoni\applic~1\Malwarebytes
2011-02-11 17:02:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-11 17:02:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 17:02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 16:04:26 -------- d--h--w- C:\$AVG
2011-02-11 15:27:46 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\AVG Security Toolbar
2011-02-11 15:26:57 -------- d-----w- c:\docume~1\dzoni\applic~1\AVG10
2011-02-11 15:25:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-02-11 15:24:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-11 15:24:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-11 15:24:08 -------- d-----w- c:\program files\AVG
2011-02-11 13:18:26 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18:26 22 --sha-w- c:\docume~1\dzoni\applic~1\Sys6925.Config Collection.sys
2011-02-07 16:33:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-06 20:05:48 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\Microsoft Help
2011-02-04 15:55:23 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55:23 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 15:00:12 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-02-04 15:00:05 -------- d-----w- c:\program files\common files\xing shared
2011-02-04 14:59:53 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-02-04 14:59:49 100864 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-02-02 21:28:29 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22:05 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\Google
2011-02-02 18:28:18 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28:18 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 14:47:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-29 22:05:58 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\PackageAware
2011-01-27 16:45:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17:49 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43:34 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-26 14:36:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-26 14:27:23 -------- d-----w- C:\tmpDownload
2011-01-26 13:52:15 -------- d-----w- c:\docume~1\dzoni\applic~1\PriceGong

==================== Find3M ====================

2011-02-04 14:59:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 18:04:56,59 ===============
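
An added example, not from this thread and not part of DDS or ComboFix, of the triage a helper does by eye on the "Created Last 30" section and the Hosts: line of the log above: parse each created-file line (both the DDS form with seconds and the ComboFix "created . modified" form), flag files carrying the system or hidden attribute, flag newly created kernel drivers under system32, and flag any hosts entry that points a real hostname at loopback. The sample lines are copied from the log above; which attribute combinations count as suspicious is this example's own assumption, and legitimate Windows folders (IECompatCache) trip it too, so the output is a worklist for the analyst, not a verdict.

```python
"""Triage of DDS / ComboFix 'Files Created' lines and the DDS 'Hosts:' line.

Added example; not part of the forum thread, DDS or ComboFix. The sample
lines are copied from the posted log; the suspicion rules are assumptions.
"""
import re
from dataclasses import dataclass

# One created-file line, in either DDS form (seconds, no modified stamp) or
# ComboFix form (created . modified). Size is '--------' for directories.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>-{8}|\d+)"
    r"\s+(?P<attrs>[-a-z]{8})"
    r"\s+(?P<path>\S.*?)\s*$"
)
HOSTS_LINE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
# Kernel drivers live under system32 or system32\drivers and end in .sys.
DRIVER_PATH = re.compile(r"\\system32(?:\\drivers)?\\[^\\]+\.sys$", re.I)
LOOPBACK = ("127.0.0.1", "0.0.0.0", "::1")


@dataclass(frozen=True)
class Finding:
    kind: str    # hidden_file | hidden_dir | new_driver | hosts_block
    path: str
    detail: str


def parse_created(text):
    """Yield (created, size_or_None, attrs, path) for every file/directory line."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            yield m["created"], size, m["attrs"], m["path"]


def triage(text):
    """Return the findings a helper would want to look at, in log order."""
    findings = []
    for created, size, attrs, path in parse_created(text):
        is_dir = attrs[0] == "d"
        hidden, system = "h" in attrs, "s" in attrs
        if not is_dir and (hidden or system):
            # Ordinary data files have no reason to carry these bits; malware sets them.
            flags = "+".join(f for f, on in (("system", system), ("hidden", hidden)) if on)
            findings.append(Finding("hidden_file", path, f"{flags}, {size} bytes, created {created}"))
        elif is_dir and hidden and system:
            # Hidden+system directories are worth a DirLook; some are legitimate Windows ones.
            findings.append(Finding("hidden_dir", path, f"system+hidden directory created {created}"))
        if not is_dir and DRIVER_PATH.search(path):
            # A new kernel driver is the most privileged thing the window can contain.
            findings.append(Finding("new_driver", path, f"{size} bytes, created {created}"))
    for line in text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and m["ip"] in LOOPBACK and m["name"].lower() != "localhost":
            # Pointing a real hostname at loopback is how malware blocks AV and help sites.
            findings.append(Finding("hosts_block", m["name"], f"{m['name']} -> {m['ip']}"))
    return findings


# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE = r"""
=============== Created Last 30 ================

2011-02-21 17:01:12 -------- d--h--w- c:\windows\PIF
2011-02-20 19:44:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 12:17:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-11 17:02:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 13:18:26 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18:26 22 --sha-w- c:\docume~1\dzoni\applic~1\Sys6925.Config Collection.sys
2011-01-26 15:17:49 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
Hosts: 127.0.0.1 www.spywareinfo.com
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:12} {f.path}  ({f.detail})")
```

On the sample this yields the two 22-byte system+hidden files with "Sys" names, the two system+hidden directories (one of which the helper later targets with DirLook), the three drivers created in the window, and the hosts entry sending www.spywareinfo.com to 127.0.0.1.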

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello, welcome to the forum.


First, download this program and run it to clean up the leftovers of Kaspersky AV:

http://support.kaspersky.com/downloads/utils/kavremover10.zip


Second, uninstall AVG, because it conflicts with the tool I will give you in the next step.




Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download has finished:
deactivate your protection software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (possibly several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 21 Feb 2011
  • Posts: 28

Good to find you. I had scanned the computer with Dr.Web in Safe Mode and it froze completely, which is why I didn't see your reply and am only answering now. It found an infected file in C:\Windows\System32, win32.hllw.gavir.ini, and asked whether to cure it; I pressed yes and it deleted it. When it had deleted it, it said the hosts file had been changed and would not work correctly, and asked whether to restore that file, and I pressed yes. Now I don't know what happened, whether that virus was deleted or whether I deleted some Windows component; I have no idea. I WROTE THIS JUST SO YOU ARE INFORMED. I did what you wrote: I removed AVG, disabled Malwarebytes and scanned with ComboFix, only it didn't find anything from Kaspersky. I had Kaspersky a month ago and removed it, and when I tried to install it again it wouldn't, saying some part had been left behind, but now this program tells me there is no Kaspersky on the computer. Here is the log, and I'm waiting for new instructions.

ComboFix 11-02-20.03 - dzoni 21.02.2011 23:25:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1578 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dzoni\Application Data\PriceGong
c:\windows\daemon.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
.

2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 19:41 . 2011-02-21 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-21 18:22 . 2011-02-21 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-21 12:41 . 2011-02-21 12:41 -------- d-----w- c:\documents and settings\dzoni\Application Data\Uniblue
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 13:24 . 2011-02-18 13:24 -------- d-----w- c:\documents and settings\dzoni\Application Data\PCTools
2011-02-18 13:14 . 2011-02-18 13:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 12:09 . 2011-02-18 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-13 01:23 . 2011-02-18 13:48 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 16:04 . 2011-02-11 16:04 -------- d-----w- C:\$AVG
2011-02-11 15:27 . 2011-02-11 15:27 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\AVG Security Toolbar
2011-02-11 15:26 . 2011-02-11 15:26 -------- d-----w- c:\documents and settings\dzoni\Application Data\AVG10
2011-02-11 15:24 . 2011-02-21 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-02-11 15:24 . 2011-02-11 15:24 -------- d-----w- c:\program files\AVG
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 15:00 . 2011-02-04 15:00 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-02-04 15:00 . 2011-02-04 15:00 -------- d-----w- c:\program files\Common Files\xing shared
2011-02-04 14:59 . 2011-02-04 14:59 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-02-04 14:59 . 2011-02-04 14:59 100864 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-02-04 14:59 . 2011-02-04 15:00 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-02-04 14:59 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-789336058-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]

2011-02-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-789336058-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-a-squared - c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-21 23:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-21 23:34:49
ComboFix-quarantined-files.txt 2011-02-21 22:34

Pre-Run: 32.458.719.232 bytes free
Post-Run: 32.473.808.896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 572198605DA9E04AE927AF29E30D8FDF

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run this program to clean out AVG completely:
http://www.avg.com/ww-en/download-tools


Go into Safe Mode and run Kavremover again; there are still leftovers.

How to enter Safe Mode

Then restart the computer into normal mode.


Open Notepad and copy in the following text:

DirLook::
c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 21 Feb 2011
  • Posts: 28

Here you go, mate, I did what you told me. The AVG tool did its job, then I went into Safe Mode, but even there this remover didn't find Kaspersky; it says Kaspersky not detected on the computer. I don't know what the problem is. Here is the ComboFix log from what I did; I'm waiting for further instructions. Oh, one more thing: at the start ComboFix asked whether to update it, I pressed yes, and then it did this.

ComboFix 11-02-21.02 - dzoni 22.02.2011 10:53:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1568 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\dzoni\Desktop\CFScript.txt.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 14:59 . 2011-02-21 23:27 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} ----

2011-01-26 15:17 . 2011-01-26 15:17 18200064 ----a-w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {5C9E8E41-A12F-4AAE-A077-60447A35E9B5} = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-22 10:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3108-)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-22 11:01:49
ComboFix-quarantined-files.txt 2011-02-22 10:01
ComboFix2.txt 2011-02-21 22:34

Pre-Run: 32.572.157.952 bytes free
Post-Run: 32.563.023.872 bytes free

- - End Of File - - 3E44273D11855713A7B3922760F5B78A

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

SecCenter::
{8decf618-9569-4340-b34a-d78d28969b66}




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.



How is the computer behaving now?

offline
  • Joined: 21 Feb 2011
  • Posts: 28

Written: 22 Feb 2011 11:39

It seems better to me; actually it doesn't freeze like yesterday, but it works fine for a while and then suddenly freezes. Here's the new log

ComboFix 11-02-21.02 - dzoni 22.02.2011 11:28:29.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1547 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\dzoni\Desktop\CFScript.txt.txt
.

((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 14:59 . 2011-02-21 23:27 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-22 11:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-22 11:36:56
ComboFix-quarantined-files.txt 2011-02-22 10:36
ComboFix2.txt 2011-02-22 10:01
ComboFix3.txt 2011-02-21 22:34

Pre-Run: 32.625.287.168 bytes free
Post-Run: 32.616.263.680 bytes free

- - End Of File - - 3F86C1D1FB5638E4400232046F15238A

Update: 22 Feb 2011 12:20

Mate, I completely forgot to disable Malwarebytes, because after the first ComboFix run, when the scan finished, I set it back to enabled, and this morning I didn't set it back to disabled. Should I scan again, these two times, with the protection turned off? Sorry if I'm bothering you a lot; I didn't think to turn it off this morning.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

The computer is clean as far as malware is concerned.

Of the anti-malware programs, Malwarebytes is enough for you.



ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.



And don't forget to install an AV; my recommendation is Avast5 or Avira free.

If you installed drWeb Antivirus, uninstall it (I think it is an AV).

offline
  • Joined: 21 Feb 2011
  • Posts: 28

OK mate, thank you. Can I ask someone about speeding up the computer or cleaning out unnecessary files, and about seeing which processes I need and which I don't so I can remove them, etc.? In any case, thank you. Cheers

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Feel free to open a topic in the Windows forum; someone there will recommend tools for tidying up the computer.

Regards.
