Trojan?


  • Joined: 09 Jun 2008
  • Posts: 66

Could someone please help me. I've noticed that lately my computer has been considerably slower, so I decided to scan it thoroughly, and Avast found a trojan horse, which I deleted. However, the computer is still quite slow, especially when I'm online. I've been thinking for a few days about whether to take it in for a format, but I don't feel like reinstalling everything again. Could someone please help?

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3747
  • Lives in: 127.0.0.1

Pay attention to how a topic is opened in the Ambulanta: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 09 Jun 2008
  • Posts: 66

And what's the difference?

Update: 13 Jun 2008 0:52

Sorry, I didn't immediately get the point of how to open the topic. I did as it's written.

Logfile of HijackThis v1.99.1
Scan saved at 0:48:38, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Documents and Settings\pc01\Desktop\New Folder\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\pc01\LOCALS~1\Temp\{A699C74A-8395-426F-BB07-FDDBECAB1DC5}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\pc01\LOCALS~1\Temp\2008425203647_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CA201E-5012-415F-85AE-2637A2130AA0}: NameServer = 79.143.168.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

  • DEMIAN (Male)
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Lives in: The darkest place on earth..

Hi,

Could you recall the path from which that trojan was detected? Have you already used the Panda and McAfee scans?

  • Joined: 09 Jun 2008
  • Posts: 66

I have the McAfee scan on a CD I got with the computer, but I've never scanned with it; I mostly used Avast and scanned with that. I don't know the exact path.

  • DEMIAN (Male)
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Lives in: The darkest place on earth..

In the logs I can see Kaspersky, Eset, Panda and Avast among the running processes at the moment you scanned the system with HijackThis. 4 AV programs is really a lot. What's that about? Did you install all of that yourself?

Answer me that and then follow the instructions below;
-------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
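
A triage script for the HijackThis log format quoted in this thread, added here as an example and not part of any post. It parses a constructed sample log made of lines in the same format as the one posted above, assumes a small hand-written vendor table, and flags what a helper checks first: several resident AV products at once, autostarts from a Temp directory, dangling entries, the O10 LSP breakage and the O17 DNS override.

```python
"""Triage of a HijackThis v1.99 log (added example, not from the thread).

Parses the sectioned text format HijackThis writes (a "Running processes:"
list followed by Rn/On entries) and flags the kinds of lines a helper on a
malware-removal forum looks at first.
"""
import re
from collections import Counter

# Constructed sample in HijackThis format (a subset of entry types).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Documents and Settings\pc01\Desktop\New Folder\TR3.exe..exe

O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\pc01\LOCALS~1\Temp\2008425203647_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CA201E-5012-415F-85AE-2637A2130AA0}: NameServer = 79.143.168.2
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Path fragments that identify security products (assumption: a small
# hand-made vendor table covering the products seen in this thread).
AV_VENDORS = {
    "avast": "\\alwil software\\",
    "kaspersky": "\\kaspersky lab\\",
    "eset": "\\eset\\",
    "panda": "\\panda software\\",
}

TEMP_DIR = re.compile(r"\\(LOCALS~1\\Temp|Local Settings\\Temp)\\", re.I)
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into the process list and the Rn/On entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def security_products(processes):
    """Count running processes per security vendor."""
    counts = Counter()
    for proc in processes:
        low = proc.lower()
        for vendor, marker in AV_VENDORS.items():
            if marker in low:
                counts[vendor] += 1
    return counts


def triage(text):
    """Return a list of (reason, line) findings worth a second look."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        # A double extension such as "TR3.exe..exe" is a classic disguise.
        if re.search(r"\.exe\.+exe$", proc, re.I):
            findings.append(("double extension in running process", proc))
    for kind, body in entries:
        if kind == "O4" and TEMP_DIR.search(body):
            findings.append(("autostart from a Temp directory", body))
        elif "(file missing)" in body or "(no file)" in body:
            findings.append(("dangling entry (%s)" % kind, body))
        elif kind == "O10":
            findings.append(("broken LSP chain", body))
        elif kind == "O17":
            findings.append(("custom DNS server", body))
    vendors = security_products(processes)
    if len(vendors) > 1:
        findings.append(("multiple resident AV products: %s"
                         % ", ".join(sorted(vendors)), ""))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-45s %s" % (reason, line))
```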

  • Joined: 09 Jun 2008
  • Posts: 66

I can't remove Panda AV from the computer, that is, I can't find where it is; it isn't in Remove Programs. First I had Avast, and later I installed Kaspersky and Eset for scanning, to see if they'd find anything.

Update: 13 Jun 2008 14:04

ComboFix 08-06-11.3 - pc01 2008-06-13 13:51:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.551 [GMT 2:00]
Running from: C:\Documents and Settings\pc01\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-12 23:09 . 2008-06-12 23:09 162,064 --a------ C:\WINDOWS\system32\drivers\U_E1C.tmp
2008-06-12 13:24 . 2008-06-12 13:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Winamp
2008-06-12 12:50 . 2008-06-12 12:50 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-06-12 12:25 . 2008-06-12 12:25 162,064 --a------ C:\WINDOWS\system32\drivers\U_E189.tmp
2008-06-11 22:52 . 2008-06-11 22:52 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Simply Super Software
2008-06-11 21:33 . 2008-06-11 21:33 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-11 21:19 . 2008-06-12 01:21 <DIR> d-------- C:\Program Files\ESET
2008-06-11 19:31 . 2008-06-11 21:30 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:31 . 2008-06-11 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:31 . 2008-06-11 21:20 2,429,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:31 . 2008-06-11 21:14 33,356 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:31 . 2008-06-11 21:20 6,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:31 . 2008-06-11 21:14 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:30 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:30 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-07 20:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-07 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-07 00:59 . 2008-06-07 00:59 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-06-06 23:55 . 2008-06-07 00:58 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\iolo
2008-06-06 23:55 . 2008-06-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-06 23:50 . 2008-06-06 23:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 23:49 . 2008-06-07 00:10 <DIR> d-------- C:\Program Files\Windows Live
2008-06-06 23:49 . 2008-06-07 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:36 . 2008-06-11 19:25 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\VoozieMaker
2008-06-06 22:22 . 2008-06-07 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Make A Voozie
2008-06-06 13:30 . 2008-06-06 13:31 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\BSplayer
2008-06-06 12:48 . 2008-06-06 12:52 684,713,984 --a------ C:\Backup.bkf
2008-06-06 12:45 . 2008-06-06 12:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-06 12:37 . 2008-06-06 12:37 <DIR> d---s---- C:\Documents and Settings\pc01\UserData
2008-06-06 12:27 . 2008-06-06 12:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\K-Meleon
2008-06-06 12:26 . 2008-06-06 12:26 <DIR> d-------- C:\Program Files\K-Meleon
2008-06-06 01:06 . 2008-06-06 01:06 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\ACD Systems
2008-06-05 23:10 . 2008-06-13 02:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\mIRC
2008-06-05 19:35 . 2008-06-05 19:35 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Corel
2008-06-05 19:35 . 2008-06-05 19:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-05 19:10 . 2008-06-05 19:10 <DIR> d-------- C:\Program Files\Opera
2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-05 01:03 . 2008-06-05 01:03 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Media Player Classic
2008-06-05 00:44 . 2008-06-05 00:45 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Xfire
2008-06-05 00:44 . 2008-06-05 00:44 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\teamspeak2
2008-06-05 00:28 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-06-05 00:28 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-06-04 23:53 . 2008-06-04 23:57 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\ICQ
2008-06-04 23:47 . 2008-06-13 00:09 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\skypePM
2008-06-04 23:45 . 2008-06-13 02:11 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Skype
2008-06-04 23:19 . 2008-06-05 18:03 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Comodo
2008-06-04 22:39 . 2008-06-05 18:03 <DIR> d-------- C:\Program Files\COMODO
2008-06-04 22:28 . 2008-06-04 22:30 <DIR> d-------- C:\Program Files\Unlocker
2008-06-04 20:02 . 2008-06-04 20:02 <DIR> d--hs---- C:\INCINERATE
2008-06-03 23:35 . 2008-06-12 23:10 <DIR> d-------- C:\Program Files\mIRC
2008-06-01 23:45 . 2008-06-04 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-01 10:55 . 2008-06-01 10:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-06-01 10:55 . 2008-06-04 18:21 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-01 10:54 . 2008-06-01 10:54 <DIR> d-------- C:\enter_host_plugin_directory_here
2008-05-30 13:09 . 2008-05-30 15:38 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 13:06 . 2008-05-30 13:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 12:43 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-30 12:43 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-30 12:43 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-30 12:43 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-30 12:36 . 2008-05-30 12:36 <DIR> d-------- C:\Program Files\Sega
2008-05-26 12:33 . 2008-05-26 12:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-24 17:55 . 2008-05-24 17:55 736 --a------ C:\WINDOWS\SamsungMaster.INI
2008-05-24 17:44 . 2008-05-24 17:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 17:44 . 2008-05-24 17:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 17:38 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-05-23 17:30 . 1995-08-15 02:00 28,113 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-20 23:58 . 2008-05-23 17:29 <DIR> d-------- C:\Program Files\a-squared
2008-05-20 21:06 . 2008-05-23 16:57 26 --a------ C:\WINDOWS\DGcounter.ini
2008-05-20 20:58 . 2008-06-11 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-20 20:46 . 2008-05-20 23:01 227 --a------ C:\WINDOWS\AvDetected.ini
2008-05-20 20:45 . 2008-06-05 00:28 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-05-20 18:42 . 2008-05-20 21:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-20 17:02 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-20 17:02 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-20 17:02 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-20 17:02 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-20 17:02 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-20 17:01 . 2008-05-20 17:04 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-20 17:01 . 2008-05-20 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-20 16:03 . 2008-06-11 21:33 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-05-20 15:57 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 15:57 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 15:56 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 15:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 15:56 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 15:56 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 15:56 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 15:56 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 15:56 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-19 09:21 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-18 22:33 . 2008-06-12 01:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-18 22:33 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 22:59 . 2008-06-12 13:42 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 22:11 --------- d-----w C:\Program Files\MSN Messenger
2008-06-05 20:47 --------- d-----w C:\Program Files\JLC's Software
2008-06-04 18:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-04 18:02 --------- d-----w C:\Program Files\iolo
2008-06-03 21:05 --------- d-----w C:\Program Files\Yahoo!
2008-05-30 10:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 16:14 --------- d-----w C:\Program Files\KONAMI
2008-05-20 20:52 --------- d-----w C:\Program Files\Winamp
2008-05-20 20:41 --------- d-----w C:\Program Files\TVPlayerClassic
2008-05-20 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-19 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-27 22:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 22:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-26 20:29 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-26 00:57 --------- d-----w C:\Program Files\PC Camer@
2008-04-26 00:57 --------- d-----w C:\Program Files\Common Files\PAC207
2008-04-25 22:36 --------- d-----w C:\Program Files\ICQ6
2008-04-25 15:24 --------- d-----w C:\Program Files\Globe7
2008-04-25 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-23 20:25 --------- d-----w C:\Program Files\Conduit
2008-04-22 22:15 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-16 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-16 16:28 139367]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-11 21:33 917504]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pc01^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\pc01\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Cleaner]
C:\Program Files\Disk Cleaner\DiskCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Make A Voozie]
--a------ 2008-02-20 12:00 64000 C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro]
C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\pc01\LOCALS~1\Temp\2008425203639_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-10-10 15:49 7286784 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-10-10 15:49 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-25 08:45 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper]
C:\Program Files\Registry Helper\RegistryHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spontania Video Collaboration]
C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-05 19:36 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-05-18 14:19 877136 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-11-22 15:22]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 09:48]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 03:59]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95969fb4-f0fb-11dc-8f6e-00138f8a4b78}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3c57a4-1bac-11dd-91ea-00138f8a4b78}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c97042f6-b3ae-11dc-8ea6-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d587fa53-e5fc-11dc-8f43-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-13 13:55:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
.
Completion time: 2008-06-13 13:58:45
ComboFix-quarantined-files.txt 2008-06-13 11:58:03

Pre-Run: 51,031,474,176 bytes free
Post-Run: 51,109,937,152 bytes free

299 --- E O F --- 2008-06-12 11:42:49

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

As far as I can see you have nothing active on the computer, but you do have leftovers of malware in the registry. We'll deal with that at the end..

First, decide on one AV and keep only that one on the computer. If you are going to remove Panda AV, try using their uninstaller:
http://www.pandasecurity.com/resources/sop/UNINSTALLER.exe

Info on the procedure is here:
http://www.pandasecurity.com/homeusers/support/car.....p;pagina=1

Once only one AV is left on the system, post fresh HijackThis and ComboFix logs here so we can delete what is left over. As for the system speed problem, I believe you will see the change as soon as those redundant AV programs are uninstalled.

offline
  • Joined: 09 Jun 2008
  • Posts: 66

I have kept only avast AV. These are fresh logs from HijackThis and ComboFix


Logfile of HijackThis v1.99.1
Scan saved at 15:51:47, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Documents and Settings\pc01\Desktop\New Folder\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R3 - URLSearchHook: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CA201E-5012-415F-85AE-2637A2130AA0}: NameServer = 79.143.168.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

ComboFix 08-06-11.3 - pc01 2008-06-13 15:53:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.612 [GMT 2:00]
Running from: C:\Documents and Settings\pc01\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 15:45 . 2007-03-06 17:33 12,336 --------- C:\WINDOWS\system32\PGUNNT.EXE
2008-06-13 15:42 . 2008-06-13 15:45 <DIR> d-------- C:\SMCLpav
2008-06-13 13:59 . 2008-06-13 13:59 162,064 --a------ C:\WINDOWS\system32\drivers\U_EB7.tmp
2008-06-12 23:09 . 2008-06-12 23:09 162,064 --a------ C:\WINDOWS\system32\drivers\U_E1C.tmp
2008-06-12 13:24 . 2008-06-12 13:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Winamp
2008-06-12 12:50 . 2008-06-12 12:50 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-06-12 12:25 . 2008-06-12 12:25 162,064 --a------ C:\WINDOWS\system32\drivers\U_E189.tmp
2008-06-11 21:19 . 2008-06-13 15:48 <DIR> d-------- C:\Program Files\ESET
2008-06-11 19:31 . 2008-06-13 15:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:31 . 2008-06-11 21:20 2,429,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:31 . 2008-06-11 21:14 33,356 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:31 . 2008-06-11 21:20 6,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:31 . 2008-06-11 21:14 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:30 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:30 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-07 20:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-07 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-07 00:59 . 2008-06-07 00:59 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-06-06 23:55 . 2008-06-07 00:58 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\iolo
2008-06-06 23:55 . 2008-06-07 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-06 23:50 . 2008-06-06 23:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 23:49 . 2008-06-07 00:10 <DIR> d-------- C:\Program Files\Windows Live
2008-06-06 23:49 . 2008-06-07 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 22:36 . 2008-06-11 19:25 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\VoozieMaker
2008-06-06 22:22 . 2008-06-07 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Make A Voozie
2008-06-06 13:30 . 2008-06-06 13:31 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\BSplayer
2008-06-06 12:48 . 2008-06-06 12:52 684,713,984 --a------ C:\Backup.bkf
2008-06-06 12:45 . 2008-06-06 12:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-06 12:37 . 2008-06-06 12:37 <DIR> d---s---- C:\Documents and Settings\pc01\UserData
2008-06-06 12:27 . 2008-06-06 12:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\K-Meleon
2008-06-06 12:26 . 2008-06-06 12:26 <DIR> d-------- C:\Program Files\K-Meleon
2008-06-06 01:06 . 2008-06-06 01:06 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\ACD Systems
2008-06-05 23:10 . 2008-06-13 02:27 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\mIRC
2008-06-05 19:35 . 2008-06-05 19:35 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Corel
2008-06-05 19:35 . 2008-06-05 19:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-05 19:10 . 2008-06-05 19:10 <DIR> d-------- C:\Program Files\Opera
2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-05 01:03 . 2008-06-05 01:03 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Media Player Classic
2008-06-05 00:44 . 2008-06-05 00:45 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Xfire
2008-06-05 00:44 . 2008-06-05 00:44 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\teamspeak2
2008-06-04 23:53 . 2008-06-04 23:57 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\ICQ
2008-06-04 23:47 . 2008-06-13 00:09 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\skypePM
2008-06-04 23:45 . 2008-06-13 02:11 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Skype
2008-06-04 23:19 . 2008-06-05 18:03 <DIR> d-------- C:\Documents and Settings\pc01\Application Data\Comodo
2008-06-04 22:39 . 2008-06-05 18:03 <DIR> d-------- C:\Program Files\COMODO
2008-06-04 22:28 . 2008-06-04 22:30 <DIR> d-------- C:\Program Files\Unlocker
2008-06-04 20:02 . 2008-06-04 20:02 <DIR> d--hs---- C:\INCINERATE
2008-06-03 23:35 . 2008-06-12 23:10 <DIR> d-------- C:\Program Files\mIRC
2008-06-01 23:45 . 2008-06-04 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-01 10:55 . 2008-06-01 10:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-06-01 10:55 . 2008-06-04 18:21 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-01 10:54 . 2008-06-01 10:54 <DIR> d-------- C:\enter_host_plugin_directory_here
2008-05-30 13:09 . 2008-05-30 15:38 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 13:06 . 2008-05-30 13:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 12:43 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-30 12:43 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-30 12:43 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-30 12:43 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-30 12:36 . 2008-05-30 12:36 <DIR> d-------- C:\Program Files\Sega
2008-05-26 12:33 . 2008-05-26 12:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-24 17:55 . 2008-05-24 17:55 736 --a------ C:\WINDOWS\SamsungMaster.INI
2008-05-24 17:44 . 2008-05-24 17:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 17:44 . 2008-05-24 17:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 17:38 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-05-23 17:30 . 1995-08-15 02:00 28,113 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-20 23:58 . 2008-05-23 17:29 <DIR> d-------- C:\Program Files\a-squared
2008-05-20 21:06 . 2008-05-23 16:57 26 --a------ C:\WINDOWS\DGcounter.ini
2008-05-20 20:58 . 2008-06-11 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-20 20:46 . 2008-05-20 23:01 227 --a------ C:\WINDOWS\AvDetected.ini
2008-05-20 20:45 . 2008-06-13 15:43 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-05-20 18:42 . 2008-05-20 21:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-20 16:03 . 2008-06-11 21:33 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-05-20 15:57 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 15:57 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 15:56 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 15:56 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 15:56 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 15:56 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 15:56 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 15:56 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 15:56 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-19 09:21 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-18 22:33 . 2008-06-12 01:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-18 22:33 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 22:59 . 2008-06-12 13:42 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 13:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 22:11 --------- d-----w C:\Program Files\MSN Messenger
2008-06-05 20:47 --------- d-----w C:\Program Files\JLC's Software
2008-06-04 18:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-04 18:02 --------- d-----w C:\Program Files\iolo
2008-06-03 21:05 --------- d-----w C:\Program Files\Yahoo!
2008-05-23 16:14 --------- d-----w C:\Program Files\KONAMI
2008-05-20 20:52 --------- d-----w C:\Program Files\Winamp
2008-05-20 20:41 --------- d-----w C:\Program Files\TVPlayerClassic
2008-05-20 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-19 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-27 22:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 22:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-26 20:29 --------- d-----w C:\Program Files\Common Files\Synacast
2008-04-26 00:57 --------- d-----w C:\Program Files\PC Camer@
2008-04-26 00:57 --------- d-----w C:\Program Files\Common Files\PAC207
2008-04-25 22:36 --------- d-----w C:\Program Files\ICQ6
2008-04-25 15:24 --------- d-----w C:\Program Files\Globe7
2008-04-25 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-23 20:25 --------- d-----w C:\Program Files\Conduit
2008-04-22 22:15 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-16 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_13.57.43,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 10:57:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:44:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:45:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pc01^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\pc01\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Cleaner]
C:\Program Files\Disk Cleaner\DiskCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Make A Voozie]
--a------ 2008-02-20 12:00 64000 C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro]
C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\pc01\LOCALS~1\Temp\2008425203639_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-10-10 15:49 7286784 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-10-10 15:49 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-25 08:45 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper]
C:\Program Files\Registry Helper\RegistryHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spontania Video Collaboration]
C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-05 19:36 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-11-22 15:22]
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 09:48]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 03:59]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95969fb4-f0fb-11dc-8f6e-00138f8a4b78}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3c57a4-1bac-11dd-91ea-00138f8a4b78}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c97042f6-b3ae-11dc-8ea6-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d587fa53-e5fc-11dc-8f43-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-13 15:56:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\klogon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
.
Completion time: 2008-06-13 15:59:31
ComboFix-quarantined-files.txt 2008-06-13 13:58:28
ComboFix2.txt 2008-06-13 11:58:46

Pre-Run: 51,242,340,352 bytes free
Post-Run: 51,231,588,352 bytes free

290 --- E O F --- 2008-06-12 11:42:49

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

In the logs, among the active processes / startup section / services etc., there are still traces of various AVs. I won't delete anything that is legitimate for you. Completely uninstalling those programs is (still) up to you.

Now let's finish what we started. Your first step will be to disable the Spybot TeaTimer component. If you don't disable it, deleting the registry keys in the second step will not be possible. The instructions are below. Follow them exactly (a restart is mandatory).


Spybot S&D's TeaTimer

Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Uncheck Resident TeaTimer
Close Spybot S&D
Restart the computer.

Don't forget to re-enable these options once we have finished the cleanup.

----------------------------
So, only after you have rebooted the system do the following:

Open Notepad and copy in the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95969fb4-f0fb-11dc-8f6e-00138f8a4b78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3c57a4-1bac-11dd-91ea-00138f8a4b78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c97042f6-b3ae-11dc-8ea6-00138f8a4b78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d587fa53-e5fc-11dc-8f43-00138f8a4b78}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
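The ComboFix output above lists four MountPoints2 keys, each carrying the AutoRun command Explorer will run when that drive is opened, and the CFScript in the reply removes them one at a time. The Python script below is added here as an example; it is not part of the original post and is not ComboFix's own tooling. It parses that section of a log and generates the same `Registry::` removal block, so that on a log with many such keys none is missed. The sample log text is copied from the section above; the function names (`parse_mountpoints`, `build_cfscript`) are my own.

```python
"""Extract MountPoints2 AutoRun entries from a ComboFix log and emit the
matching CFScript 'Registry::' removal block.

Added example, not part of the forum post. SAMPLE_LOG is copied from the
ComboFix log section above and is the only input this script knows about.
"""
import re

# Sample input: the MountPoints2 section as it appears in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95969fb4-f0fb-11dc-8f6e-00138f8a4b78}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3c57a4-1bac-11dd-91ea-00138f8a4b78}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c97042f6-b3ae-11dc-8ea6-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d587fa53-e5fc-11dc-8f43-00138f8a4b78}]
\Shell\AutoRun\command - E:\autorun.exe
"""

# A key header line: "[HKEY_...\mountpoints2\{guid}]"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]\s*$", re.IGNORECASE)
# The AutoRun command line that ComboFix prints directly under the key
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.*\S)\s*$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return a list of (registry_key, autorun_command) pairs found in the log.

    A key is only reported when ComboFix printed an AutoRun command for it;
    keys without such a line (ordinary drive bookkeeping) are ignored.
    """
    entries = []
    current_key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = CMD_RE.match(line)
        if m and current_key is not None:
            entries.append((current_key, m.group(1)))
            current_key = None  # one command per key
    return entries


def build_cfscript(keys):
    """Build the CFScript text that deletes each given key.

    The format matches the reply above: a 'Registry::' header followed by
    one '[-KEY]' line per key (the leading '-' tells ComboFix to delete it).
    """
    lines = ["Registry::"]
    lines.extend(f"[-{key}]" for key in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for key, command in found:
        print(f"{key.rsplit(chr(92), 1)[-1]}  ->  {command}")
    print()
    print(build_cfscript([key for key, _ in found]))
```

Running the script prints the four drive GUIDs with their AutoRun commands, then the `Registry::` block, which is identical to the one the reply asks the user to save as CFScript. Reviewing the printed commands before saving the script is the useful step: entries that launch a script interpreter (`wscript.exe` here) or an `autorun.exe` from a removable drive are the ones worth keeping in the removal list.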

