Infected computer


offline
  • Joined: 07 Jun 2008
  • Posts: 104

Posted: 17 Jun 2009 22:25

She did everything as you said. First she uninstalled ComboFix.exe, the first one, then she ran the second one; it did something and then it restarted.

But it did not give us any text that we could post for you.
Is that OK?

Addendum: 17 Jun 2009 22:30

What should we do next?



offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Look on the C partition to see whether a document named Combofix.txt exists, and post it here.



offline
  • Joined: 07 Jun 2008
  • Posts: 104

Posted: 19 Jun 2009 14:38

ComboFix 09-06-16.05 - x 19.06.2009 11:43.4 - NTFSx86
Running from: c:\documents and settings\x\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_msupdate
-------\Legacy_POWERMANAGER
-------\Legacy_protect
-------\Legacy_sopidkc
-------\Service_msncache
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-13 17:25 . 2009-06-13 17:25 -------- d-----w- c:\documents and settings\x\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 19:18 . 2008-05-24 16:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 11:36 . 2008-10-24 18:41 -------- d-----w- c:\documents and settings\x\Application Data\skypePM
2009-06-10 11:36 . 2008-10-23 20:00 -------- d-----w- c:\documents and settings\x\Application Data\Skype
2009-05-19 16:31 . 2009-04-25 09:35 0 ----a-w- c:\windows\system32\drivers\1d91fa8d.sys
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 14:40 . 2009-05-08 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-08 14:30 . 2009-05-07 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w- c:\program files\Realtek Sound Manager
2009-05-08 14:13 . 2004-10-06 15:50 -------- d-----w- c:\program files\AvRack
2009-05-08 14:13 . 2009-05-08 14:12 -------- d-----w- c:\program files\Realtek AC97
2009-05-08 13:04 . 2004-10-06 06:17 22776 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 10:10 . 2009-05-08 10:10 36864 ----a-w- c:\windows\system32\slrundll.exe
2009-05-08 06:37 . 2008-03-10 18:01 -------- d-----w- c:\program files\Winamp
2009-05-08 05:55 . 2009-05-08 05:49 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-07 19:55 . 2009-05-07 19:55 -------- d-----w- c:\documents and settings\x\Application Data\TuneUp Software
2009-05-07 13:38 . 2008-10-10 20:50 90112 ----a-w- c:\windows\unvise32qt.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w- c:\windows\UNRecode.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w- c:\windows\UNNeroVision.exe
2009-05-07 13:29 . 2004-10-06 15:53 26624 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-05-07 13:13 . 2004-10-06 16:03 323584 ----a-w- c:\windows\system32\nwiz.exe
2009-05-07 13:12 . 1998-10-01 19:00 39936 ----a-w- c:\windows\system32\MAPISRVR.EXE
2009-05-07 13:12 . 2004-10-06 16:03 290816 ----a-w- c:\windows\system32\keystone.exe
2009-05-07 13:11 . 2002-08-29 03:41 172544 ----a-w- c:\windows\system32\jview.exe
2009-05-07 13:11 . 2002-08-29 03:41 14848 ----a-w- c:\windows\system32\jdbgmgr.exe
2009-05-07 13:11 . 2004-08-03 23:56 22016 ----a-w- c:\windows\system32\faxpatch.exe
2009-05-07 13:05 . 2004-08-03 23:56 8704 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-05-07 13:05 . 2007-07-15 21:46 165376 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-05-07 13:05 . 2004-08-03 23:56 22016 ----a-w- c:\windows\system32\spupdwxp.exe
2009-05-07 12:50 . 2007-08-08 18:21 47104 ----a-w- c:\windows\system32\uwdf.exe
2009-05-07 12:46 . 2002-08-29 03:41 171520 ----a-w- c:\windows\system32\wjview.exe
2009-05-07 12:46 . 2002-08-29 03:41 81920 ----a-w- c:\windows\system32\wmpstub.exe
2009-05-07 12:42 . 2008-10-29 18:17 9728 ----a-w- c:\windows\system32\comsdupd.exe
2009-05-07 12:42 . 2002-08-29 03:41 50176 ----a-w- c:\windows\system32\clspack.exe
2009-05-06 22:51 . 2005-01-18 06:58 300032 ----a-w- c:\windows\uninst.exe
2009-05-06 22:51 . 2005-01-18 06:58 302592 ----a-w- c:\windows\unin040c.exe
2009-05-06 22:51 . 2005-08-09 21:38 274432 ----a-w- c:\windows\TLCUninstall.exe
2009-05-06 22:51 . 2004-10-06 15:49 307712 ----a-w- c:\windows\IsUninst.exe
2009-05-06 22:10 . 1999-08-02 09:47 391680 ----a-w- c:\program files\YuRecnik.exe
2009-05-06 22:10 . 1999-08-02 09:40 224256 ----a-w- c:\program files\MiniYuRecnik.exe
2009-05-06 22:10 . 1999-01-25 04:27 29184 ----a-w- c:\program files\Uninstal.exe
2009-05-06 19:45 . 2004-10-06 16:00 335872 ----a-r- c:\windows\Anvshell.exe
2009-05-06 19:45 . 2004-10-06 16:00 24576 -c--a-r- c:\windows\ANVUNIS.exe
2009-05-06 18:57 . 2004-10-09 22:26 1094656 ----a-w- c:\documents and settings\Recnik\Recnik.EXE
2009-05-06 18:49 . 2008-11-18 14:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-06 18:01 . 2008-12-25 23:32 184320 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-06 17:56 . 2007-08-08 18:21 38912 ----a-w- c:\windows\system32\wdfmgr.exe
2009-05-06 17:56 . 2004-10-06 16:03 73728 ----a-w- c:\windows\system32\nvsvc32.exe
2009-05-06 17:54 . 2004-10-10 00:35 221184 ----a-w- c:\windows\system32\srkey.exe
2009-04-28 15:06 . 2006-12-12 23:45 -------- d-----w- c:\program files\Recnik20
2009-04-28 14:35 . 2009-02-01 12:48 -------- d-----w- c:\program files\Mp3 Knife
2009-04-28 14:35 . 2009-02-01 13:06 -------- d-----w- c:\program files\DVD Knife
2009-01-07 20:56 . 2007-03-12 01:08 1123 ----a-w- c:\program files\Yurecnik.ini
2009-01-07 11:54 . 2007-03-12 01:08 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2007-08-07 21:20 . 2004-10-08 04:05 778240 ----a-w- c:\program files\Mv2Player.exe
2007-03-12 01:07 . 2007-03-12 01:06 10819 ---ha-w- c:\program files\Yurecnik.GID
2007-03-12 01:06 . 2007-03-12 01:06 1909 ----a-w- c:\program files\uninstal.log
2007-02-17 23:17 . 2005-05-11 00:02 313 ----a-w- c:\program files\MV2Player.rcn
2007-02-17 23:17 . 2005-05-11 00:02 10751 ----a-w- c:\program files\MV2Player.ini
2007-02-17 23:17 . 2005-05-11 00:02 36 ----a-w- c:\program files\LastSet.mv2
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 -c--a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S1 1d91fa8d;1d91fa8d;c:\windows\system32\drivers\1d91fa8d.sys [25.4.2009 11:35 0]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.12.2008 19:51 29744]
S3 ISOUSB;Vimicro UVC generic driver;c:\windows\system32\drivers\vgeneric.sys [28.10.2008 22:20 64000]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [29.10.2008 21:04 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [29.10.2008 21:04 476032]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)


.
------- Supplementary Scan -------
.
mSearch Bar = [link visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [link visible only to logged-in users]
IE: &Search - ?p=ZCfox000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - [link visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [link visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\255yjv76.default\
FF - prefs.js: browser.search.defaulturl - [link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - prefs.js: keyword.URL - [link visible only to logged-in users]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\Npindeo.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-06-19 11:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
Completion time: 2009-06-19 11:56
ComboFix-quarantined-files.txt 2009-06-19 09:55
ComboFix2.txt 2009-06-15 16:47

Pre-Run: 6.374.752.256 bytes free
Post-Run: 6.361.452.544 bytes free

190

Addendum: 19 Jun 2009 14:40

We hope this is correct.

Addendum: 20 Jun 2009 21:12

Addendum: 20 Jun 2009 21:13

We apologize for the mistake; she mixed it up.

Addendum: 21 Jun 2009 15:58

diarno :: Look on the C partition to see whether a document named Combofix.txt exists, and post it here. ARE WE ON THE RIGHT TRACK?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy in the following text:

File::
c:\windows\system32\drivers\1d91fa8d.sys

Driver::
1d91fa8d


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 07 Jun 2008
  • Posts: 104

ComboFix 09-06-21.01 - x 22.06.2009 23:17.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.103 [GMT 2:00]
Running from: c:\documents and settings\x\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\x\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\1d91fa8d.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_1d91fa8d


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 19:10 . 2009-06-22 19:11 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-21 14:28 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-21 14:28 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-21 14:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-21 14:28 . 2009-06-21 14:28 -------- d-----w- c:\program files\Avira
2009-06-21 14:28 . 2009-06-21 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-13 17:25 . 2009-06-13 17:25 -------- d-----w- c:\documents and settings\x\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 17:22 . 2008-05-24 16:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 11:36 . 2008-10-24 18:41 -------- d-----w- c:\documents and settings\x\Application Data\skypePM
2009-06-10 11:36 . 2008-10-23 20:00 -------- d-----w- c:\documents and settings\x\Application Data\Skype
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 14:40 . 2009-05-08 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-08 14:30 . 2009-05-07 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w- c:\program files\Realtek Sound Manager
2009-05-08 14:13 . 2009-05-08 14:12 -------- d-----w- c:\program files\Realtek AC97
2009-05-08 13:04 . 2004-10-06 06:17 22776 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 10:10 . 2009-05-08 10:10 36864 ----a-w- c:\windows\system32\slrundll.exe
2009-05-08 06:37 . 2008-03-10 18:01 -------- d-----w- c:\program files\Winamp
2009-05-07 19:55 . 2009-05-07 19:55 -------- d-----w- c:\documents and settings\x\Application Data\TuneUp Software
2009-05-07 13:38 . 2008-10-10 20:50 90112 ----a-w- c:\windows\unvise32qt.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w- c:\windows\UNRecode.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w- c:\windows\UNNeroVision.exe
2009-05-07 13:29 . 2004-10-06 15:53 26624 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-05-07 13:13 . 2004-10-06 16:03 323584 ----a-w- c:\windows\system32\nwiz.exe
2009-05-07 13:12 . 1998-10-01 19:00 39936 ----a-w- c:\windows\system32\MAPISRVR.EXE
2009-05-07 13:12 . 2004-10-06 16:03 290816 ----a-w- c:\windows\system32\keystone.exe
2009-05-07 13:11 . 2002-08-29 03:41 172544 ----a-w- c:\windows\system32\jview.exe
2009-05-07 13:11 . 2002-08-29 03:41 14848 ----a-w- c:\windows\system32\jdbgmgr.exe
2009-05-07 13:11 . 2004-08-03 23:56 22016 ----a-w- c:\windows\system32\faxpatch.exe
2009-05-07 13:05 . 2004-08-03 23:56 8704 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-05-07 13:05 . 2007-07-15 21:46 165376 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-05-07 13:05 . 2004-08-03 23:56 22016 ----a-w- c:\windows\system32\spupdwxp.exe
2009-05-07 12:50 . 2007-08-08 18:21 47104 ----a-w- c:\windows\system32\uwdf.exe
2009-05-07 12:46 . 2002-08-29 03:41 171520 ----a-w- c:\windows\system32\wjview.exe
2009-05-07 12:46 . 2002-08-29 03:41 81920 ----a-w- c:\windows\system32\wmpstub.exe
2009-05-07 12:42 . 2008-10-29 18:17 9728 ----a-w- c:\windows\system32\comsdupd.exe
2009-05-07 12:42 . 2002-08-29 03:41 50176 ----a-w- c:\windows\system32\clspack.exe
2009-05-06 22:51 . 2005-01-18 06:58 300032 ----a-w- c:\windows\uninst.exe
2009-05-06 22:51 . 2005-01-18 06:58 302592 ----a-w- c:\windows\unin040c.exe
2009-05-06 22:51 . 2005-08-09 21:38 274432 ----a-w- c:\windows\TLCUninstall.exe
2009-05-06 22:51 . 2004-10-06 15:49 307712 ----a-w- c:\windows\IsUninst.exe
2009-05-06 22:10 . 1999-08-02 09:47 391680 ----a-w- c:\program files\YuRecnik.exe
2009-05-06 22:10 . 1999-08-02 09:40 224256 ----a-w- c:\program files\MiniYuRecnik.exe
2009-05-06 22:10 . 1999-01-25 04:27 29184 ----a-w- c:\program files\Uninstal.exe
2009-05-06 19:45 . 2004-10-06 16:00 335872 ----a-r- c:\windows\Anvshell.exe
2009-05-06 19:45 . 2004-10-06 16:00 24576 -c--a-r- c:\windows\ANVUNIS.exe
2009-05-06 18:57 . 2004-10-09 22:26 1094656 ----a-w- c:\documents and settings\Recnik\Recnik.EXE
2009-05-06 18:49 . 2008-11-18 14:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-06 18:01 . 2008-12-25 23:32 184320 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-06 17:56 . 2007-08-08 18:21 38912 ----a-w- c:\windows\system32\wdfmgr.exe
2009-05-06 17:56 . 2004-10-06 16:03 73728 ----a-w- c:\windows\system32\nvsvc32.exe
2009-05-06 17:54 . 2004-10-10 00:35 221184 ----a-w- c:\windows\system32\srkey.exe
2009-04-28 15:06 . 2006-12-12 23:45 -------- d-----w- c:\program files\Recnik20
2009-04-28 14:35 . 2009-02-01 12:48 -------- d-----w- c:\program files\Mp3 Knife
2009-04-28 14:35 . 2009-02-01 13:06 -------- d-----w- c:\program files\DVD Knife
2009-01-07 20:56 . 2007-03-12 01:08 1123 ----a-w- c:\program files\Yurecnik.ini
2009-01-07 11:54 . 2007-03-12 01:08 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2007-08-07 21:20 . 2004-10-08 04:05 778240 ----a-w- c:\program files\Mv2Player.exe
2007-03-12 01:07 . 2007-03-12 01:06 10819 ---ha-w- c:\program files\Yurecnik.GID
2007-03-12 01:06 . 2007-03-12 01:06 1909 ----a-w- c:\program files\uninstal.log
2007-02-17 23:17 . 2005-05-11 00:02 313 ----a-w- c:\program files\MV2Player.rcn
2007-02-17 23:17 . 2005-05-11 00:02 10751 ----a-w- c:\program files\MV2Player.ini
2007-02-17 23:17 . 2005-05-11 00:02 36 ----a-w- c:\program files\LastSet.mv2
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 -c--a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-21 14:28 . 2009-02-13 10:50 28376 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-05-08 05:49 . 2009-03-24 14:08 55640 c:\windows\system32\drivers\avgntflt.sys
- 2009-05-08 05:49 . 2009-05-08 05:55 55640 c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.6.2009 16:28 108289]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.12.2008 19:51 29744]
S3 ISOUSB;Vimicro UVC generic driver;c:\windows\system32\drivers\vgeneric.sys [28.10.2008 22:20 64000]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [29.10.2008 21:04 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [29.10.2008 21:04 476032]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)


.
------- Supplementary Scan -------
.
mSearch Bar = [Links are visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Links are visible only to logged-in users]
IE: &Search - ?p=ZCfox000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - [Links are visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Links are visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2009-06-22 23:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3376)
c:\windows\System32\btneighborhood.dll
c:\windows\System32\wbtapi.dll
c:\windows\System32\btwpimif.dll
c:\windows\System32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\BtXpPanel.Dll
.
Completion time: 2009-06-22 23:28
ComboFix-quarantined-files.txt 2009-06-22 21:28
ComboFix2.txt 2009-06-19 09:56
ComboFix3.txt 2009-06-15 16:47

Pre-Run: 6.048.780.288 bytes free
Post-Run: 6.036.242.432 bytes free

194

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

And what's the situation now?

offline
  • Joined: 07 Jun 2008
  • Posts: 104

Posted: 23 Jun 2009 16:05

Her internet still isn't working, so we don't know what it could be.
As for the viruses, the situation is better.

Addendum: 23 Jun 2009 16:07

Could it be that the viruses messed up THE DATA, THE PASSWORD AND SO ON?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I really don't know what it could be.

Try this program:

[Links are visible only to logged-in users]

Click Fix, then restart the computer..

offline
  • Joined: 07 Jun 2008
  • Posts: 104

Posted: 23 Jun 2009 19:42

Are the logs we have posted so far okay?

Addendum: 23 Jun 2009 19:47

"Click Fix, then restart the computer.." Is she supposed to do that using this program, or the normal way?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Using that program... and yes, they are okay.
