Please help

  • Joined: 02 Jan 2008
  • Posts: 33
  • Location: Novi Sad

Dual boot (XP and Linux). After a couple of months I booted XP and I see that it barely works ...
FF takes 7-8 min. to start, and there is no way I can get into some folders ...
Help, if possible.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:35, on 10.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Msi\Desktop\pp3\pp3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5945 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hi,

* Right-click the Kaspersky icon in the lower-right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 02 Jan 2008
  • Posts: 33
  • Location: Novi Sad

ComboFix 08-09-12.09 - Msi 2008-09-13 17:52:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1460 [GMT 2:00]
Running from: D:\DOWN\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Msi\Application Data\.#

.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-13 02:15 . 2008-09-13 02:18 <DIR> d-------- C:\Program Files\Winamp
2008-09-13 02:15 . 2008-09-13 02:17 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Winamp
2008-09-11 22:58 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-09-11 22:58 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-11 22:57 . 2008-09-11 22:57 <DIR> d-------- C:\Program Files\Sygate
2008-09-11 22:57 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-09-11 19:29 . 2008-09-11 19:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 19:29 . 2008-09-11 19:29 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\SUPERAntiSpyware.com
2008-09-11 19:29 . 2008-09-11 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 11:45 . 2008-09-11 11:45 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-09-11 11:45 . 2008-09-11 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-09-11 11:41 . 2008-09-11 12:05 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\ICQ
2008-09-11 11:40 . 2008-09-11 11:46 <DIR> d-------- C:\Program Files\ICQ6
2008-09-10 18:06 . 2008-09-10 18:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-09-09 15:43 . 2008-09-09 15:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-09 03:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-09 03:11 . 2008-09-09 03:13 <DIR> d-------- C:\Program Files\Java
2008-09-09 03:11 . 2008-09-09 03:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-09 01:13 . 2008-09-09 01:13 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Malwarebytes
2008-09-09 01:12 . 2008-09-09 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 23:43 . 2008-09-08 23:43 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-08 23:43 . 2008-09-13 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-08 23:43 . 2008-09-13 17:54 1,100,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-08 23:43 . 2008-09-13 17:54 229,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-08 23:43 . 2008-09-08 23:54 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-08 23:43 . 2008-09-08 23:43 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-08 23:43 . 2008-09-13 17:54 10,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-08 23:43 . 2008-09-13 17:54 2,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-08 23:41 . 2008-09-08 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-08 12:59 . 2008-09-13 15:52 92 --a------ C:\WINDOWS\wb.ini
2008-09-08 04:05 . 2008-09-13 15:55 4,712 --a------ C:\WINDOWS\langorig.ini
2008-09-08 04:04 . 2008-09-08 04:04 <DIR> d-------- C:\Program Files\Stardock
2008-09-08 04:04 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-09-08 04:04 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-09-08 01:51 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-09-08 01:08 . 2008-09-08 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-08 01:05 . 2008-09-08 01:08 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-08 00:27 . 2008-09-08 00:27 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B}
2008-09-08 00:07 . 2008-09-08 01:08 <DIR> d-------- C:\Program Files\Uniblue
2008-09-08 00:07 . 2008-09-08 01:08 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\uniblue
2008-09-08 00:06 . 2008-09-08 00:07 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\Program Files\MSBuild
2008-09-07 23:53 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-07 23:53 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-07 23:53 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-07 23:53 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-07 23:53 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-07 23:53 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-07 23:53 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-07 23:25 . 2008-09-07 23:25 <DIR> dr-h----- C:\AHCache
2008-09-07 22:11 . 2008-09-07 22:12 55 --a------ C:\WINDOWS\ScreenHunter.INI
2008-09-07 00:56 . 2008-09-07 00:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-07 00:51 . 2008-09-07 00:51 <DIR> d-------- C:\Program Files\NOS
2008-09-07 00:51 . 2008-09-11 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 21:26 . 2008-04-15 00:00 1,333,248 --a------ C:\WINDOWS\system32\drivers\athw.sys
2008-09-06 20:55 . 2008-09-06 20:55 <DIR> d-------- C:\Documents and Settings\Msi\.dvdcss
2008-09-05 03:02 . 2008-09-05 03:05 <DIR> d-------- C:\Program Files\Folder Lock
2008-09-05 03:02 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-09-05 03:02 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-09-05 03:02 . 2008-09-05 03:02 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-09-05 02:54 . 2008-09-05 02:54 <DIR> d-------- C:\Program Files\Webteh
2008-09-05 02:54 . 2008-09-08 04:28 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\BSplayer PRO
2008-09-05 02:46 . 2008-09-12 18:03 <DIR> d-------- C:\Program Files\RMClock
2008-09-05 02:32 . 2008-09-05 02:32 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-05 02:26 . 2008-09-05 02:27 <DIR> d-------- C:\totalcmd
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-09-05 02:26 . 2008-09-10 17:33 363 --a------ C:\WINDOWS\wincmd.ini
2008-09-05 02:07 . 2008-09-05 02:08 <DIR> d-------- C:\Program Files\SMPlayer
2008-09-03 23:09 . 2008-09-03 23:09 <DIR> d-------- C:\Program Files\uTorrent
2008-09-01 15:01 . 2008-09-04 09:40 235 --ah----- C:\WINDOWS\sysreg.dat
2008-08-30 03:00 . 2008-08-30 03:00 <DIR> d-------- C:\Documents and Settings\Msi\fontconfig
2008-08-30 02:57 . 2008-09-13 14:51 <DIR> d-------- C:\Documents and Settings\Msi\.smplayer
2008-08-23 23:09 . 2008-09-08 23:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 23:09 . 2008-09-08 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Real
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-22 00:32 . 2008-08-22 00:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-22 00:32 . 2008-08-22 00:32 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-08-22 00:31 . 2008-08-22 00:31 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-22 00:28 . 2008-08-22 00:34 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\iolo
2008-08-22 00:28 . 2008-09-01 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-20 18:15 . 2008-08-20 18:15 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-20 18:13 . 2008-08-22 00:49 <DIR> d-------- C:\WINDOWS\Logs
2008-08-20 18:13 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-08-20 18:02 . 2008-04-14 04:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-20 13:33 . 2008-09-13 14:51 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-20 13:24 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-20 13:24 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-20 13:24 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-20 01:30 . 2008-08-20 01:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-20 01:30 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-08-20 01:30 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-08-20 01:30 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-08-20 01:30 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-20 01:30 . 2004-03-03 21:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-20 01:30 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-20 01:30 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-08-20 01:30 . 2004-03-03 21:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-20 01:29 . 2008-08-20 01:30 <DIR> d-------- C:\Program Files\Ahead
2008-08-19 21:18 . 2008-08-19 21:18 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Participatory Culture Foundation
2008-08-19 21:02 . 2008-08-19 21:02 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\TuneUp Software
2008-08-19 21:02 . 2008-09-03 21:08 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-19 21:02 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-19 21:01 . 2008-09-09 03:24 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-19 21:01 . 2008-09-11 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 21:01 . 2008-08-19 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-19 20:47 . 2008-08-19 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-19 20:25 . 2008-09-06 19:18 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-19 20:25 . 2008-08-19 20:25 45 --a------ C:\WINDOWS\system32\initdebug.nfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 00:08 --------- d-----w C:\Documents and Settings\Msi\Application Data\FrostWire
2008-08-19 13:49 --------- d-----w C:\Program Files\FrostWire
2008-08-19 13:47 --------- d-----w C:\Program Files\GRETECH
2008-08-19 13:47 --------- d-----w C:\Documents and Settings\Msi\Application Data\GRETECH
2008-08-19 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-19 13:40 --------- d-----w C:\Program Files\CCleaner
2008-08-19 13:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-19 11:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-24 16:02 4,749,824 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-23 14:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-07-21 16:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 07:12 3,682,240 ----a-w C:\WINDOWS\system32\drivers\RtHDMI.sys
2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtkUpd.exe
2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.EXE
2008-06-18 16:01 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-11 1576176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-06-29 13:32 89541 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 10:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 03:44 133104 C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo 3rd Party Reboot]
--a------ 2008-05-22 14:38 451432 C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-07-23 16:51 16804864 C:\WINDOWS\RTHDCPL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe
"BsMnt"=C:\WINDOWS\BisonCam\BsMnt.exe
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-03 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Msi\Application Data\Mozilla\Firefox\Profiles\fln87ly1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/
FF -: plugin - C:\Documents and Settings\Msi\Application Data\Mozilla\Firefox\Profiles\fln87ly1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-13 17:55:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-13 17:56:51 - machine was rebooted [Msi]
ComboFix-quarantined-files.txt 2008-09-13 15:56:47

Pre-Run: 4,008,517,632 bytes free
Post-Run: 3,954,917,376 bytes free

286 --- E O F --- 2008-09-10 15:01:10

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

The log is clean, there are no signs of malware.

Do this as well:

Click START and then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


Regards
