Antivirus 2009

  • Joined: 17 Jan 2009
  • Posts: 49

Help! First I tried to uninstall Antivirus 2009, then I removed some things with Malwarebytes' Anti-Malware, but my computer is still slow!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:34, on 17.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\Nesa Savkovic\Desktop\TR3\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25DE9A4-087E-453D-8B82-845A99DB4C94}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11499 bytes
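A HijackThis log is only useful if someone reads the R/O lines carefully, so here is a small triage script, added as an example and not part of the original thread or of HijackThis itself: it parses a handful of lines copied from the log above into records and flags the entries a reviewer would look at first. The rule names (windows-root, file-missing, bare-filename, unknown-vendor) and the choice of sample lines are my own; the flags are prompts for a human, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: eight lines copied from the HijackThis log above, chosen
# so that each triage rule below fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
""".strip()


@dataclass
class Entry:
    section: str          # HijackThis section tag: O2, O4, O9, O23, ...
    name: str             # label HijackThis shows (Run value name, BHO name, service name)
    path: str             # executable or DLL the entry points at, as written in the log
    vendor: str = ""      # O23 only: the publisher column
    flags: list = field(default_factory=list)   # triage reasons; empty when nothing stands out


# O4 autostart: "O4 - HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O2/O3/O9 COM objects: "Ox - Kind: Name - {CLSID} - path"
COM_RE = re.compile(
    r"^(?P<sec>O[239]) - (?:BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
    r"(?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
# O23 services: "name - vendor - drive:\path"; the vendor column may be empty
# and the name may itself contain " - ", so the path is pinned to a drive letter.
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<vendor>[^-]*?) ?- (?P<path>[A-Za-z]:\\.*)$")
# First program-looking token of an unquoted command line.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|cpl|bat|cmd))\b", re.IGNORECASE)
# A file sitting directly in the Windows directory, not in a subfolder such as system32.
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_line(line: str):
    """Return an Entry for the line kinds this example understands, else None."""
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m.group("name"), executable_of(m.group("cmd")))
    m = COM_RE.match(line)
    if m:
        return Entry(m.group("sec"), m.group("name"), m.group("path"))
    m = SVC_RE.match(line)
    if m:
        return Entry("O23", m.group("name"), m.group("path"), m.group("vendor"))
    return None


def triage(entry: Entry) -> Entry:
    """Attach review reasons to an entry. These are prompts for a human, not verdicts."""
    p = entry.path
    if "(file missing)" in p:
        entry.flags.append("file-missing")    # dangling registration; harmless but worth cleaning up
    elif WINROOT_RE.match(p):
        entry.flags.append("windows-root")    # legitimate programs rarely install straight into C:\WINDOWS
    elif "\\" not in p:
        entry.flags.append("bare-filename")   # resolved through the search path at logon
    if entry.section == "O23" and entry.vendor.strip() in ("", "Unknown owner"):
        entry.flags.append("unknown-vendor")  # service with no publisher recorded
    return entry


def parse_log(text: str) -> list:
    """Parse every recognised line of a HijackThis log and triage it."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> dict:
    """Map entry name -> flags, for the entries that need a second look."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```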

  • helen1 (Male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Lives in: Novi Beograd

Hello,

This is not right:


Right-click the program's icon and choose Rename:


Give it some random name, say GH5.EXE or TR3.EXE, or anything else as long as HijackThis is not mentioned:


and then post a new log for me.

  • Joined: 17 Jan 2009
  • Posts: 49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:18, on 17.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Nesa Savkovic\Desktop\TR3\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25DE9A4-087E-453D-8B82-845A99DB4C94}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11612 bytes

  • helen1 (Male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Lives in: Novi Beograd

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.



-----------------------------


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 17 Jan 2009
  • Posts: 49

But I don't have that kind of Nod32, and I don't have that AMON!

  • helen1 (Male)
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Lives in: Novi Beograd

Look at the picture from this site:

http://training.eset.com/kb/components/com_kb/atta.....mp2a_s.jpg

It is marked there.

  • Joined: 17 Jan 2009
  • Posts: 49

I already did that and finished everything!
Here is what it output:


ComboFix 09-01-17.02 - Nesa Savkovic 2009-01-17 21:02:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.343 [GMT 1:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 17:35 . 2009-01-17 17:44 <DIR> d-------- c:\program files\Shock Utility
2009-01-17 17:34 . 2009-01-17 17:44 65,536 --a------ c:\windows\IFinst27.exe
2009-01-17 16:56 . 2009-01-17 16:56 <DIR> d-------- c:\program files\FogelSoft
2009-01-17 16:31 . 2009-01-17 16:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-17 16:30 . 2009-01-17 16:30 <DIR> d-------- c:\program files\MSBuild
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-17 16:30 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-17 16:30 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-17 16:25 . 2009-01-17 16:25 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-17 00:17 . 2009-01-17 00:18 <DIR> d-------- c:\program files\Swatians Team
2009-01-16 23:26 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-16 23:26 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-16 23:26 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-16 23:26 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-16 23:26 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-16 23:26 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-16 23:26 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-16 23:25 . 2009-01-16 23:26 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 23:25 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-16 23:25 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-16 23:25 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-01-16 14:54 . 2009-01-17 12:05 <DIR> d-------- c:\program files\vghd
2009-01-15 14:49 . 2009-01-15 15:04 <DIR> d-------- c:\program files\Serious Sam 2
2009-01-15 01:07 . 2009-01-15 01:07 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-15 00:38 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\Common Files\MAGIX Shared
2009-01-15 00:37 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2009-01-15 00:36 . 2009-01-15 00:38 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-15 00:36 . 2007-12-04 15:20 700,416 --a------ c:\windows\system32\mgxoschk.dll
2009-01-15 00:36 . 2009-01-15 00:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-14 21:29 . 2009-01-17 21:01 <DIR> d-------- c:\program files\MODEM Mobile Connection
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-01-14 15:26 . 2009-01-16 15:01 5 --a------ c:\windows\sbacknt.bin
2009-01-14 15:24 . 2009-01-16 15:01 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vghd
2009-01-14 15:24 . 2009-01-16 14:54 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-14 01:47 . 2009-01-14 01:47 <DIR> d-------- c:\program files\EA GAMES
2009-01-14 01:47 . 2004-08-18 04:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-14 01:21 . 2009-01-14 01:21 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-14 01:21 . 2001-07-06 05:41 569,344 --a------ c:\windows\system32\imagr5.dll
2009-01-14 01:21 . 2001-07-06 03:44 544,768 --a------ c:\windows\system32\imagx5.dll
2009-01-14 01:21 . 2001-07-06 09:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2009-01-14 01:21 . 2008-05-09 21:13 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-14 01:21 . 2003-03-29 06:45 89,184 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-14 01:21 . 2003-05-26 05:12 57,344 --------- c:\windows\system32\ImageDrive.cpl
2009-01-14 01:21 . 2001-06-25 23:15 38,912 --a------ c:\windows\system32\picn20.dll
2009-01-13 23:40 . 2009-01-13 23:40 <DIR> d-------- c:\windows\Sun
2009-01-13 23:23 . 2009-01-13 23:23 <DIR> d-------- c:\program files\SopFilter
2009-01-13 23:14 . 2009-01-13 23:14 <DIR> d-------- C:\ProgramData
2009-01-13 23:02 . 2009-01-13 23:02 <DIR> d-------- c:\program files\Readon Technology
2009-01-13 22:17 . 2009-01-13 22:17 <DIR> d-------- c:\program files\AskBarDis
2009-01-13 22:03 . 2009-01-13 22:07 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\VoipDiscount
2009-01-13 22:02 . 2009-01-13 22:02 <DIR> d-------- c:\windows\PaltalkScene
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\program files\Paltalk Messenger
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Paltalk
2009-01-13 21:00 . 2009-01-15 15:23 <DIR> d-------- c:\program files\Steam
2009-01-13 20:21 . 2009-01-14 01:16 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-01-13 20:21 . 2009-01-13 20:21 <DIR> d-------- c:\program files\AskSBar
2009-01-13 20:15 . 2009-01-17 19:09 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 20:14 . 2009-01-14 01:16 <DIR> d-------- c:\program files\DAP
2009-01-13 19:47 . 2009-01-13 19:47 144 --a------ c:\windows\Eudcedit.ini
2009-01-13 19:16 . 2009-01-13 19:17 <DIR> d-------- c:\program files\CDCheck
2009-01-13 19:07 . 2009-01-13 19:07 <DIR> d-------- c:\program files\Skyler Lyon
2009-01-13 19:03 . 2009-01-17 14:17 <DIR> d---s---- c:\documents and settings\Nesa Savkovic\My Documents
2009-01-13 18:44 . 2009-01-13 18:44 <DIR> d-------- c:\documents and settings\Nesa Savkovic\EurekaLog
2009-01-13 18:41 . 2009-01-13 18:41 <DIR> d-------- c:\program files\Innovative Solutions
2009-01-13 18:34 . 2009-01-13 18:34 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:34 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-01-13 17:59 . 2009-01-13 18:01 69 --a------ c:\windows\NeroDigital.ini
2009-01-13 17:28 . 2009-01-17 14:09 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Nero
2009-01-13 16:50 . 2009-01-13 16:50 4,767 --a------ c:\windows\Irremote.ini
2009-01-13 16:46 . 2009-01-13 16:46 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-13 16:27 . 2009-01-13 16:49 <DIR> d-------- c:\program files\Nero
2009-01-13 16:26 . 2009-01-13 17:25 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-13 16:26 . 2009-01-13 16:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Pro
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools
2009-01-13 15:11 . 2009-01-13 15:19 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-13 15:11 . 2009-01-13 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:14 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-12 19:38 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby
2009-01-12 19:31 . 2009-01-12 19:31 <DIR> d--hs---- c:\documents and settings\Nesa Savkovic\PrivacIE
2009-01-12 19:19 . 2009-01-12 19:19 <DIR> d--h-c--- c:\windows\ie8
2009-01-12 18:47 . 2009-01-12 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
2009-01-12 18:44 . 2009-01-12 18:44 <DIR> d-------- c:\program files\Digsby
2009-01-12 18:44 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Digsby
2009-01-12 18:41 . 2009-01-12 18:41 <DIR> d-------- c:\program files\Smart-Shopper
2009-01-12 18:41 . 2009-01-17 17:37 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Smart-Shopper
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Real
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 00:51 . 2009-01-12 15:10 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-11 21:10 . 2009-01-11 21:10 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vlc
2009-01-11 21:04 . 2009-01-11 21:04 <DIR> d-------- c:\program files\VideoLAN
2009-01-11 20:47 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-11 20:47 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-11 20:46 . 2009-01-11 20:46 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-10 23:52 . 2009-01-10 23:52 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\CyberLink
2009-01-10 16:59 . 2009-01-10 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-10 16:58 . 2009-01-10 16:58 <DIR> d-------- c:\program files\CyberLink
2009-01-10 16:03 . 2009-01-16 19:35 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\FaxCtr
2009-01-10 15:59 . 2009-01-10 15:59 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Lexmark Productivity Studio
2009-01-10 15:57 . 2009-01-10 15:57 <DIR> d-------- c:\program files\lx_cats
2009-01-10 15:56 . 2009-01-10 15:56 <DIR> d-------- C:\logs
2009-01-10 15:56 . 2007-03-28 14:16 344,064 --a------ c:\windows\system32\lxddcoin.dll
2009-01-10 15:56 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-01-10 15:56 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 00:21 --------- d-----w c:\program files\Ahead
2009-01-13 19:14 --------- d-----w c:\program files\Google
2009-01-09 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-29 15:34 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-29 11:08 --------- d-----w c:\program files\PowerQuest
2008-12-29 11:03 --------- d-----w c:\program files\ESET
2008-12-29 11:03 --------- d-----w c:\documents and settings\Nesa Savkovic\Application Data\ESET
2008-12-29 11:00 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-29 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-29 10:39 --------- d-----w c:\program files\Realtek
2008-12-29 10:38 --------- d-----w c:\program files\totalcmd
2008-12-29 10:36 --------- d-----w c:\program files\Analog Devices
2008-12-29 10:27 --------- d-----w c:\program files\Intel
2008-12-29 10:18 --------- d-----w c:\program files\microsoft frontpage
.

------- Sigcheck -------

2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-04 07:59 296960 --a------ c:\windows\system32\winsystems.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-13 119280]
"Anonymizer"="c:\program files\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-11-17 1557176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-19 358632]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-24 3712512]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-05-09 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 10:22 7618560 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2815:TCP"= 2815:TCP:*:Disabled:SolidNetworkManager
"2815:UDP"= 2815:UDP:*:Disabled:SolidNetworkManager

R4 AnonMgmtSvc;Anonymizer Management Service;c:\program files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2008-11-17 37560]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-06-10 468224]
R4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-15 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-15 544768]
S4 Adidrvqrsw;Adidrvqrsw; [x]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-01-10 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2c058a-df68-11dd-9819-0018f3c235b9}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\open\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5600322-d59a-11dd-bacf-0018f3c235b9}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1425521274-839522115-1003.job
- c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 12:56]

2009-01-17 c:\windows\Tasks\User_Feed_Synchronization-{EFE6DB31-551B-458A-B3E5-2F7509E8D4CD}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKCU-Run-eyeBeam SIP Client - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
FF - ProfilePath - c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-17 21:05:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1288-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\slserv.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe
.
**************************************************************************
.
Completion time: 2009-01-17 21:08:58 - machine was rebooted [Nesa Savkovic]
ComboFix-quarantined-files.txt 2009-01-17 20:08:55

Pre-Run: 16,781,647,872 bytes free
Post-Run: 16,834,326,528 bytes free

336

Update: 17 Jan 2009 21:44

What should I do now?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Wait for further instructions, which you will get during the night or tomorrow.

Update: 17 Jan 2009 23:01

Upload the following file for me:
c:\windows\fix.exe

to this link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 17 Jan 2009
  • Posts: 49

I did what you said!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8518
  • Location: Novi Beograd

Disable the antivirus again.

Open Notepad and paste in the following text:

File::
c:\windows\system32\winsystems.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2c058a-df68-11dd-9819-0018f3c235b9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5600322-d59a-11dd-bacf-0018f3c235b9}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
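As an added illustration of the triage helen1 is doing by eye in this thread (example code, not part of the original post and not ComboFix's own tooling), the Python below parses a constructed excerpt in the shape of the log's "Reg Loading Points" section and flags the same things she acted on: a Browser Helper Object DLL outside Program Files, a Run entry sitting directly in c:\windows, the silenced Security Center notifications, the disabled firewall profile and the cached AutoRun handlers under mountpoints2. It then lays the BHO and mountpoints2 hits out in the File::/Registry:: layout her CFScript uses. The heuristics are my assumptions and the sample lines are an excerpt copied from the log above; treat the output as review candidates, not verdicts.

```python
import re

# Constructed sample, not the whole log: lines in the shape of ComboFix's
# "Reg Loading Points" section, copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-04 07:59 296960 --a------ c:\windows\system32\winsystems.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2c058a-df68-11dd-9819-0018f3c235b9}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\open\command - G:\Setup.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                                 # [registry key]
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$')   # date time size attrs path
AUTORUN_RE = re.compile(r'^\\Shell\\(?:AutoRun|open)\\command - (.+)$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')                       # "name"=value [date size]
WINDIR = 'c:\\windows\\'


def parse_value(line):
    """'"name"="value" [date size]' -> (name, value); None for non-value lines."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    value = re.sub(r'\s*\[[^\]]*\]$', '', m.group(2).strip()).strip('"')
    return m.group(1), value


def triage(log_text):
    """Return (kind, key, detail) review candidates; heuristics, not verdicts."""
    findings, key = [], None
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lk = (key or '').lower()
        v = parse_value(line)
        if 'browser helper objects' in lk:
            # Legitimate BHOs install under Program Files; a DLL dropped into
            # system32 (or anywhere else) deserves a second look.
            m = FILE_RE.match(line)
            if m and not m.group(1).lower().startswith(r'c:\program files'):
                findings.append(('bho', key, m.group(1)))
        elif lk.endswith(r'\currentversion\run') and v:
            name, path = v
            # Autoruns normally live in system32 or Program Files; an .exe sitting
            # directly in c:\windows\ is unusual and worth checking by hand.
            if path.lower().startswith(WINDIR) and '\\' not in path[len(WINDIR):]:
                findings.append(('run', key, f'{name} -> {path}'))
        elif lk.endswith('security center') and v:
            if v[0].endswith('DisableNotify') and v[1].lower() == 'dword:00000001':
                findings.append(('seccenter', key, v[0]))  # Security Center alerts silenced
        elif lk.endswith(r'firewallpolicy\standardprofile') and v:
            if v[0] == 'EnableFirewall' and v[1].split()[0] == '0':
                findings.append(('firewall', key, 'EnableFirewall=0'))
        elif '\\mountpoints2\\' in lk:
            m = AUTORUN_RE.match(line)
            if m:  # AutoRun/open handler cached for a removable drive
                findings.append(('autorun', key, m.group(1)))
    return findings


def build_cfscript(findings):
    """Lay out a CFScript the way helen1 did: File:: paths, then Registry:: [-key] deletions."""
    files = sorted({d for k, _, d in findings if k == 'bho'})
    keys = []
    for kind, key, _ in findings:
        if kind in ('bho', 'autorun') and key not in keys:
            keys.append(key)
    lines = []
    if files:
        lines += ['File::', *files, '']
    if keys:
        lines += ['Registry::', *[f'[-{k}]' for k in keys]]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for kind, _, detail in found:
        print(f'{kind:9} {detail}')
    print(build_cfscript(found))
```

Run as-is it prints seven candidates and a CFScript with the same shape as the one above. fix.exe is deliberately reported as a finding and not written into the File:: section: the thread sends that file for analysis before deciding anything, and a triage script should do the same.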
