Help with wininit.exe

[es] :: Security :: Help with wininit.exe

[ Views: 2312 | Replies: 7 ]

carllo (Nenad Mladenovic)

Help with wininit.exe, 10.09.2010 at 21:41
It's Windows 7. AVG is screaming about c/windows/system32/wininit.exe and says it is Trojan Pachedi evo log'a_c.IWU. Does anyone know how I can remove it? I did a scan with ComboFix:

ComboFix 10-09-09.04 - Zaunergroup 10.09.2010 22:08:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1913.831 [GMT 2:00]
Running from: e:\nenad mladenovic\download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Zaunergroup\AppData\Local\Windows Server
c:\users\Zaunergroup\AppData\Local\Windows Server\flags.ini
c:\users\Zaunergroup\AppData\Local\Windows Server\server.dat
c:\users\Zaunergroup\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\muzapp.exe

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 20:29 . 2010-09-10 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 20:06 . 2010-09-10 20:06 -------- d-----w- C:\32788R22FWJFW
2010-09-10 19:38 . 2010-09-10 19:39 -------- d-----w- c:\program files\sigurnost
2010-09-10 13:38 . 2010-09-10 13:38 245760 ---ha-w- C:\SZKGFS.dat
2010-09-10 13:35 . 2010-09-10 13:35 -------- d-----w- c:\programdata\SITEguard
2010-09-10 13:34 . 2010-09-10 14:05 -------- d-----w- c:\programdata\STOPzilla!
2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\program files\Common Files\iS3
2010-09-10 13:22 . 2010-09-10 13:22 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\AdwareBot
2010-09-10 12:44 . 2010-09-10 12:57 -------- d-----w- c:\programdata\PC Tools
2010-09-10 12:41 . 2010-09-10 12:42 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\GetRightToGo
2010-09-10 10:24 . 2010-09-10 10:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-10 09:54 . 2010-09-10 09:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Malwarebytes
2010-09-10 09:53 . 2010-09-10 09:53 -------- d-----w- c:\programdata\Malwarebytes
2010-09-08 12:22 . 2010-09-08 12:23 -------- d-----w- c:\program files\QuickTime
2010-09-08 12:22 . 2010-09-08 12:22 -------- d-----w- c:\programdata\Apple Computer
2010-09-08 05:59 . 2010-09-08 06:02 -------- d-----w- c:\programdata\COMODO
2010-09-07 18:26 . 2010-09-07 18:26 -------- d-----w- c:\program files\COMODO
2010-09-07 18:25 . 2010-09-07 18:25 -------- d-----w- c:\programdata\Comodo Downloader
2010-09-07 17:07 . 2010-09-09 14:23 -------- d-----w- c:\users\Zaunergroup\AppData\Local\Corel
2010-09-07 17:02 . 2010-09-07 17:02 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Ulead Systems
2010-09-07 17:01 . 2010-09-07 17:01 -------- d-----w- c:\programdata\InterVideo
2010-09-07 17:00 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Corel
2010-09-07 16:59 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-07 16:57 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Corel
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Ulead Systems
2010-09-07 16:56 . 2010-09-07 16:56 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\program files\Corel
2010-09-07 16:15 . 2010-09-07 17:06 88 --sh--r- c:\programdata\0AE9149E78.sys
2010-09-07 16:15 . 2010-09-09 13:24 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-07 16:14 . 2010-09-07 17:02 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-07 16:13 . 2010-09-08 05:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-07 16:10 . 2010-09-07 17:06 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Corel
2010-09-07 16:08 . 2010-09-07 16:08 -------- d-----w- c:\program files\Windows Media Components
2010-09-07 11:41 . 2010-09-07 11:41 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\MAGIX
2010-09-07 11:39 . 2010-09-07 11:53 -------- d-----w- c:\programdata\MAGIX
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\program files\MAGIX
2010-09-07 11:39 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\windows\system32\MAGIX
2010-09-07 11:39 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-08-27 12:19 . 2010-08-27 12:19 -------- d-----w- c:\program files\MagicISO
2010-08-27 07:27 . 2010-08-27 07:27 -------- d-----w- c:\program files\EA Games
2010-08-27 07:26 . 2010-08-19 21:46 1312120 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-27 07:26 . 2010-08-19 21:46 724992 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-20 19:55 . 2010-08-20 19:55 -------- d-----w- c:\programdata\PC Suite
2010-08-20 19:54 . 2010-08-20 19:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\PC Suite
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Samsung
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\programdata\Samsung
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\program files\MarkAny
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\program files\Samsung
2010-08-20 19:50 . 2010-08-20 19:51 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-19 14:28 . 2010-08-18 15:13 52224 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-19 14:28 . 2010-08-18 15:13 101376 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 20:31 . 2010-04-26 14:21 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\uTorrent
2010-09-10 19:50 . 2010-07-15 08:55 -------- d-----w- c:\programdata\Babylon
2010-09-10 13:55 . 2010-07-15 08:55 -------- d-----w- c:\program files\myBabylon_English
2010-09-10 12:15 . 2010-01-13 08:53 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Media Player Classic
2010-09-10 08:07 . 2010-01-05 14:08 -------- d-----w- c:\programdata\avg9
2010-09-09 07:09 . 2010-07-15 08:55 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Babylon
2010-09-08 05:59 . 2010-04-26 14:21 -------- d-----w- c:\program files\uTorrent
2010-09-07 17:07 . 2010-01-10 00:28 79816 ----a-w- c:\users\Zaunergroup\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 16:13 . 2010-01-05 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 11:40 . 2010-09-07 11:40 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Yahoo!
2010-09-06 12:33 . 2010-01-13 13:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Skype
2010-08-20 19:52 . 2010-08-20 19:52 -------- d-----w- c:\program files\DIFX
2010-08-20 19:52 . 2010-08-20 19:51 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Common Files\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\programdata\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 13:54 . 2010-08-06 13:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 13:53 . 2010-06-07 06:42 -------- d-----w- c:\program files\Java
2010-07-29 18:28 . 2010-07-29 18:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-29 14:06 . 2010-01-13 13:58 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\skypePM
2010-07-29 06:30 . 2010-08-11 05:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 05:22 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-29 05:27 . 2010-07-29 05:08 -------- d-----w- c:\program files\JetAudio
2010-07-29 05:10 . 2010-07-29 05:10 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\COWON
2010-07-29 05:08 . 2010-07-29 05:08 -------- d-----w- c:\program files\Common Files\COWON
2010-07-23 14:07 . 2010-07-23 14:07 -------- d-----w- c:\programdata\TP-LINK
2010-07-17 07:25 . 2010-01-05 14:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 07:25 . 2010-07-17 07:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 07:24 . 2010-01-05 14:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 03:00 . 2010-06-07 06:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 05:22 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 05:22 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 05:22 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 05:22 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 05:22 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 05:22 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 05:22 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 05:22 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 05:22 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 05:23 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-10 13:55 2735200 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-07 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;?????? Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-04-27 100224]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-25 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-01 217088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-10 12:11]

2010-09-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-10 13:13]

2010-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-05 10:17]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=55555
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=55555
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2656476887-671946441-1535801849-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,ac,5a,f5,3b,ee,ae,85,a5,ff,fb,5b,b0,52,4f,b5,84,f3,eb,c0,d4,9c,29,
66,b0,0f,02,25,d6,ec,10,d7,9c,71,f3,59,7c,a4,67,a9,ce,9a,2f,77,70,a1,6a,6f,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-10 22:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 20:35

Pre-Run: 11.720.196.096 bytes free
Post-Run: 11.477.680.128 bytes free

- - End Of File - - AAFE8F5046D4E28DA46FEC3546AFFAC9
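A triage parser for ComboFix reports of the shape posted above, written here as an added example (it is neither the thread's nor ComboFix's own code). It reads the `Other Deletions` block, the `Infected copy ... / Restored copy from` pairs and the `Reg Loading Points` block, then ranks what a responder should look at first: patched system binaries, unknown executables removed from system32, drop directories in the user profile, dead autoruns and AppInit_DLLs. The embedded sample log is an excerpt constructed from the report above.

```python
"""Triage helper for a ComboFix log (added example: neither the thread's nor ComboFix's
own code).  Extracts deleted files, system binaries disinfected and restored from WinSxS,
Run-key autostarts and AppInit_DLLs.  SAMPLE_LOG is constructed from the report above."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Zaunergroup\AppData\Local\Windows Server
c:\users\Zaunergroup\AppData\Local\Windows Server\server.dat
c:\windows\system32\muzapp.exe

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-07 328568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # (((( Section name ))))
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [date size]  |  "Name"="path" [X]  |  "Name"=bare value
REGVAL_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*(?:\[(.+)\])?$')

@dataclass
class ComboFixReport:
    deleted: list = field(default_factory=list)       # paths ComboFix removed
    disinfected: list = field(default_factory=list)   # (infected path, restored-from path)
    autoruns: list = field(default_factory=list)      # (reg key, value name, path, meta)
    appinit_dlls: list = field(default_factory=list)  # DLLs injected into every GUI process

def parse_combofix_log(text: str) -> ComboFixReport:
    rep, section, key, pending = ComboFixReport(), None, None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := INFECTED_RE.match(line):
            pending = m.group(1)  # its "Restored copy from" line follows
        elif (m := RESTORED_RE.match(line)) and pending:
            rep.disinfected.append((pending, m.group(1)))
            pending = None
        elif section == "Other Deletions" and re.match(r"[a-z]:\\", line, re.I):
            rep.deleted.append(line)
        elif section == "Reg Loading Points":
            if m := REGKEY_RE.match(line):
                key = m.group(1)
            elif key and (m := REGVAL_RE.match(line)):
                name, value, meta = m.group(1), m.group(2).strip(), m.group(3)
                if name == "AppInit_DLLs":  # space-separated list of DLL paths
                    rep.appinit_dlls += re.split(r"\s+(?=[a-z]:\\)", value, flags=re.I)
                elif key.lower().endswith("\\run"):
                    rep.autoruns.append((key, name, value, meta))
    return rep

def triage(rep: ComboFixReport) -> list:
    """Return (severity, detail) pairs in the order a responder reads the log."""
    out = []
    for infected, restored in rep.disinfected:
        # A patched wininit.exe/explorer.exe is a file-infector indicator; the clean copy
        # should come from the WinSxS component store, otherwise verify it by hand.
        src = "WinSxS" if "\\winsxs\\" in restored.lower() else "an unexpected location"
        out.append(("high", f"system binary {infected} was patched; restored from {src}"))
    for path in rep.deleted:
        low = path.lower()
        if low.startswith("c:\\windows\\system32\\") and low.endswith(".exe"):
            out.append(("high", f"unknown executable removed from system32: {path}"))
        elif "\\appdata\\" in low:
            out.append(("medium", f"drop location removed from user profile: {path}"))
    for _key, name, path, meta in rep.autoruns:
        if meta == "X":  # ComboFix marks a missing autorun target with [X]
            out.append(("low", f"autorun '{name}' points to a missing file: {path}"))
    for dll in rep.appinit_dlls:
        out.append(("info", f"AppInit_DLLs injects {dll} into every GUI process"))
    return out
```

Run `triage(parse_combofix_log(open("ComboFix.txt").read()))` on a full report to get the same ranking for a real log.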

carllo (Nenad Mladenovic)

Re: Help with wininit.exe, 10.09.2010 at 22:15
As it says in the message above (the ComboFix report):

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe


Scanned again with AVG and everything is OK.

))))))))))))))))))))))))))))))))))))))

goran9888

Re: Help with wininit.exe, 10.09.2010 at 22:26
Send the following file to VirusTotal for analysis:

C:\Qoobox\Quarantine\c\windows\system32\muzapp.exe.vir
http://www.virustotal.com/


When the scan finishes, post the link here so I can take a look.





P.S. By the way, you shouldn't run CF on your own initiative. It can have unwanted consequences. ComboFix is neither an antivirus nor anything like it. It is a very serious tool that can be used to remove malware if one knows how to use its capabilities.


carllo (Nenad Mladenovic)

Re: Help with wininit.exe, 10.09.2010 at 22:54
As for CF, I know it's not something to play with... Out of ignorance I thought I'd run it so it would do some kind of scan and detect the problem, so that I could paste the log here and someone who really knows CF could help me by interpreting it and telling me what to do next. Once CF had finished and rebooted the computer it was clear to me that I'd missed the point, but by then it was all done. Still, it seems to have turned out fine (I think?) :-)

Here's the link:
http://www.virustotal.com/file...a67df8bcd6cfeac969c-1284155510


goran9888

Re: Help with wininit.exe, 10.09.2010 at 23:11
Open Notepad and copy the text below:

Quote:
DeQuarantine::
C:\Qoobox\Quarantine\c\windows\system32\muzapp.exe.vir
Quit::


Click File -> Save As and save the script under the name CFScript in E:\nenad mladenovic\download\ComboFix.exe

After that, drag CFScript onto the ComboFix icon as in the following picture:


That will start ComboFix; the system may restart (that's normal).
When it finishes, a log will appear.
Send me the contents of the log that ComboFix produces in your next message.

carllo (Nenad Mladenovic)

Re: Help with wininit.exe, 11.09.2010 at 06:14
This is all it produced in the log:

C:\Qoobox\Quarantine\c\windows\system32\muzapp.exe.vir -> c:\windows\system32\muzapp.exe ( 172032 bytes )

goran9888

Re: Help with wininit.exe, 11.09.2010 at 07:39
OK, that's what it should have produced.


You still need to uninstall CF.

Start -> Run -> type: combofix /uninstall -> press Enter.

Wait for the uninstall process to complete and click OK at the end. That should be it.

carllo (Nenad Mladenovic)

Re: Help with wininit.exe, 12.09.2010 at 13:04
Done!!! All good....

goran9888, thanks for the advice and the help!!!