Member, joined 31.10.2010, posts: 1
Following these instructions I scanned my computer, which has slowed down significantly recently. I'll leave the ComboFix report here and would ask that, if someone qualified is around, they analyse it and tell me what to do. Thanks


ComboFix 10-10-31.01 - Priboj 04.11.2010 18:05:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.381.1033.18.2047.1606 [GMT 1:00]
Running from: c:\documents and settings\Priboj\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-10-29 15:15 . 2010-10-30 20:31 -------- d-----w- C:\ADSM_PData_0150
2010-10-29 15:14 . 2010-10-29 15:14 -------- d-----w- C:\ProgramData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-11-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-15 86016]
"nwiz"="nwiz.exe" [2009-04-15 1657376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-26 549400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 534528]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-03-20 174648]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-04-17 1593344]
"Power4Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2009-03-03 92728]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2009-02-10 18:33 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/30/2010 9:23 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/30/2010 9:23 PM 59664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 9:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [10/29/2010 4:02 PM 89856]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/30/2010 9:23 PM 33552]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/29/2010 1:56 PM 1684736]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\AsProcOb.sys --> e:\i386\AsProcOb.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10/29/2010 2:43 PM 100480]
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1580436667-1606980848-1003Core.job
- c:\documents and settings\Priboj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-29 13:22]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1580436667-1606980848-1003UA.job
- c:\documents and settings\Priboj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-29 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Priboj\Application Data\Mozilla\Firefox\Profiles\r6a4diwe.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Priboj\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-04 18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(804)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-11-04 18:24:50
ComboFix-quarantined-files.txt 2010-11-04 17:24
ComboFix2.txt 2010-11-01 21:08
ComboFix3.txt 2010-10-31 22:38

Pre-Run: 24.294.916.096 bytes free
Post-Run: 24.287.768.576 bytes free

- - End Of File - - DFCBEDA0CEE7C9DB938A5898ABD3129D
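As an added example (not part of this thread or of ComboFix itself), a small Python helper that parses the Run-key and service lines in the format of the log above and flags the entries a helper would look at first: those ComboFix marked with `[?]` (file could not be verified) and images that are a bare name or live outside the system drive. The sample lines are copied from the log above; the flagging rules are this example's own assumptions, not ComboFix's.

```python
import re

# Constructed sample: five lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r'''
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/30/2010 9:23 PM 51984]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\AsProcOb.sys --> e:\i386\AsProcOb.sys [?]
'''

# "Name"="path" [date size]  -- entries under the Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# R0 name;display;path [date time size] or [?]  -- driver/service lines
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$')


def parse_entries(text):
    """Return one dict per Run entry or service line found in the log text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", "name": m["name"], "path": m["path"], "meta": m["meta"]})
            continue
        m = SVC_RE.match(line)
        if m:
            # "declared --> resolved" form: keep the resolved image path
            path = m["path"].split("-->")[-1].strip()
            entries.append({"kind": "service", "name": m["name"], "path": path, "meta": m["meta"]})
    return entries


def triage(entries):
    """Return (name, reasons) for entries worth a second look; an empty list means nothing flagged."""
    findings = []
    for e in entries:
        reasons = []
        if e["meta"] == "?":
            reasons.append("ComboFix could not verify the file (no date/size)")
        if not e["path"].lower().startswith("c:\\"):
            reasons.append("image is a bare name or lives outside the system drive")
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a starting point for a look at the file, not a verdict; ASUSProcObsrv, for instance, points at a driver on a removable drive that was simply absent at scan time.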
 
Member, joined 16.09.2009, posts: 52
You have a dual-core processor and you have run ComboFix three times. I hope you didn't do that on your own without a trained helper. I didn't see any active malware in your log.
 
Member, joined 10.11.2009, posts: 1,654
ComboFix, by the way, creates its own folder (I think it's called Qbox) in the root of the C partition (where your Program Files and Windows folders are); inside it there should be a quarantine folder, which is where it puts the viruses, so check whether there are any files there. ComboFix scans system files and finds most viruses in them; it doesn't delete them but adds its own extension (I think it's .vir) so the viruses can no longer be run, but likewise, since these are system files, they can no longer be run either, e.g. csrsc.exe or lsass.exe. The best thing is to do a system repair and recover those files that way, and afterwards delete everything in quarantine (Qbox).
 