Antivirus 2009


  • Joined: 17 Jan 2009
  • Posts: 49

Help! First I tried to uninstall Antivirus 2009, then I deleted some things with Malwarebytes' Anti-Malware, but my computer is still slow!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:34, on 17.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\Nesa Savkovic\Desktop\TR3\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25DE9A4-087E-453D-8B82-845A99DB4C94}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11499 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8519
  • Location: Novi Beograd

Hello,

This won't do:

Right-click the program's icon and choose Rename:

Give it some random name, say GH5.EXE or TR3.EXE, or anything else as long as it doesn't mention HijackThis:

and then post me a new log.

  • Joined: 17 Jan 2009
  • Posts: 49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:18, on 17.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Nesa Savkovic\Desktop\TR3\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25DE9A4-087E-453D-8B82-845A99DB4C94}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11612 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8519
  • Location: Novi Beograd

* Open the Nod32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleanup is finished.

-----------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 17 Jan 2009
  • Posts: 49

But I don't have that kind of Nod32, and I don't have that AMON!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8519
  • Location: Novi Beograd

Look at the picture on this site:

http://training.eset.com/kb/components/com_kb/atta.....mp2a_s.jpg

It's marked there.

  • Joined: 17 Jan 2009
  • Posts: 49

I already did that and finished everything!
Here's what it produced:

ComboFix 09-01-17.02 - Nesa Savkovic 2009-01-17 21:02:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.343 [GMT 1:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-17 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 19:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 17:35 . 2009-01-17 17:44 <DIR> d-------- c:\program files\Shock Utility
2009-01-17 17:34 . 2009-01-17 17:44 65,536 --a------ c:\windows\IFinst27.exe
2009-01-17 16:56 . 2009-01-17 16:56 <DIR> d-------- c:\program files\FogelSoft
2009-01-17 16:31 . 2009-01-17 16:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-17 16:30 . 2009-01-17 16:30 <DIR> d-------- c:\program files\MSBuild
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-17 16:30 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-17 16:30 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-17 16:30 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-17 16:30 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-17 16:25 . 2009-01-17 16:25 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-17 00:17 . 2009-01-17 00:18 <DIR> d-------- c:\program files\Swatians Team
2009-01-16 23:26 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-16 23:26 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-16 23:26 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-16 23:26 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-16 23:26 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-16 23:26 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-16 23:26 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-16 23:25 . 2009-01-16 23:26 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 23:25 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-16 23:25 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-16 23:25 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-01-16 14:54 . 2009-01-17 12:05 <DIR> d-------- c:\program files\vghd
2009-01-15 14:49 . 2009-01-15 15:04 <DIR> d-------- c:\program files\Serious Sam 2
2009-01-15 01:07 . 2009-01-15 01:07 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-15 00:38 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\MAGIX
2009-01-15 00:37 . 2009-01-15 00:37 <DIR> d-------- c:\program files\Common Files\MAGIX Shared
2009-01-15 00:37 . 2009-01-15 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2009-01-15 00:36 . 2009-01-15 00:38 <DIR> d-------- c:\windows\system32\MAGIX
2009-01-15 00:36 . 2007-12-04 15:20 700,416 --a------ c:\windows\system32\mgxoschk.dll
2009-01-15 00:36 . 2009-01-15 00:37 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-14 21:29 . 2009-01-17 21:01 <DIR> d-------- c:\program files\MODEM Mobile Connection
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys
2009-01-14 21:29 . 2008-07-15 11:39 104,960 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-01-14 15:26 . 2009-01-16 15:01 5 --a------ c:\windows\sbacknt.bin
2009-01-14 15:24 . 2009-01-16 15:01 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vghd
2009-01-14 15:24 . 2009-01-16 14:54 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-14 01:47 . 2009-01-14 01:47 <DIR> d-------- c:\program files\EA GAMES
2009-01-14 01:47 . 2004-08-18 04:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-14 01:21 . 2009-01-14 01:21 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-14 01:21 . 2001-07-06 05:41 569,344 --a------ c:\windows\system32\imagr5.dll
2009-01-14 01:21 . 2001-07-06 03:44 544,768 --a------ c:\windows\system32\imagx5.dll
2009-01-14 01:21 . 2001-07-06 09:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2009-01-14 01:21 . 2008-05-09 21:13 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-14 01:21 . 2003-03-29 06:45 89,184 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-14 01:21 . 2003-05-26 05:12 57,344 --------- c:\windows\system32\ImageDrive.cpl
2009-01-14 01:21 . 2001-06-25 23:15 38,912 --a------ c:\windows\system32\picn20.dll
2009-01-13 23:40 . 2009-01-13 23:40 <DIR> d-------- c:\windows\Sun
2009-01-13 23:23 . 2009-01-13 23:23 <DIR> d-------- c:\program files\SopFilter
2009-01-13 23:14 . 2009-01-13 23:14 <DIR> d-------- C:\ProgramData
2009-01-13 23:02 . 2009-01-13 23:02 <DIR> d-------- c:\program files\Readon Technology
2009-01-13 22:17 . 2009-01-13 22:17 <DIR> d-------- c:\program files\AskBarDis
2009-01-13 22:03 . 2009-01-13 22:07 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\VoipDiscount
2009-01-13 22:02 . 2009-01-13 22:02 <DIR> d-------- c:\windows\PaltalkScene
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\program files\Paltalk Messenger
2009-01-13 22:02 . 2009-01-14 21:24 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Paltalk
2009-01-13 21:00 . 2009-01-15 15:23 <DIR> d-------- c:\program files\Steam
2009-01-13 20:21 . 2009-01-14 01:16 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-01-13 20:21 . 2009-01-13 20:21 <DIR> d-------- c:\program files\AskSBar
2009-01-13 20:15 . 2009-01-17 19:09 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 20:14 . 2009-01-14 01:16 <DIR> d-------- c:\program files\DAP
2009-01-13 19:47 . 2009-01-13 19:47 144 --a------ c:\windows\Eudcedit.ini
2009-01-13 19:16 . 2009-01-13 19:17 <DIR> d-------- c:\program files\CDCheck
2009-01-13 19:07 . 2009-01-13 19:07 <DIR> d-------- c:\program files\Skyler Lyon
2009-01-13 19:03 . 2009-01-17 14:17 <DIR> d---s---- c:\documents and settings\Nesa Savkovic\My Documents
2009-01-13 18:44 . 2009-01-13 18:44 <DIR> d-------- c:\documents and settings\Nesa Savkovic\EurekaLog
2009-01-13 18:41 . 2009-01-13 18:41 <DIR> d-------- c:\program files\Innovative Solutions
2009-01-13 18:34 . 2009-01-13 18:34 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\program files\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-01-13 18:33 . 2009-01-13 18:34 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-01-13 17:59 . 2009-01-13 18:01 69 --a------ c:\windows\NeroDigital.ini
2009-01-13 17:28 . 2009-01-17 14:09 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Nero
2009-01-13 16:50 . 2009-01-13 16:50 4,767 --a------ c:\windows\Irremote.ini
2009-01-13 16:46 . 2009-01-13 16:46 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-13 16:27 . 2009-01-13 16:49 <DIR> d-------- c:\program files\Nero
2009-01-13 16:26 . 2009-01-13 17:25 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-13 16:26 . 2009-01-13 16:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-13 15:25 . 2009-01-13 15:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Pro
2009-01-13 15:13 . 2009-01-13 15:13 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools
2009-01-13 15:11 . 2009-01-13 15:19 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-13 15:11 . 2009-01-13 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:14 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\DAEMON Tools Lite
2009-01-13 15:07 . 2009-01-13 15:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-12 19:38 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby
2009-01-12 19:31 . 2009-01-12 19:31 <DIR> d--hs---- c:\documents and settings\Nesa Savkovic\PrivacIE
2009-01-12 19:19 . 2009-01-12 19:19 <DIR> d--h-c--- c:\windows\ie8
2009-01-12 18:47 . 2009-01-12 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
2009-01-12 18:44 . 2009-01-12 18:44 <DIR> d-------- c:\program files\Digsby
2009-01-12 18:44 . 2009-01-12 19:38 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Digsby
2009-01-12 18:41 . 2009-01-12 18:41 <DIR> d-------- c:\program files\Smart-Shopper
2009-01-12 18:41 . 2009-01-17 17:37 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Smart-Shopper
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Real
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 01:24 . 2009-01-12 01:24 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 00:51 . 2009-01-12 15:10 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-11 21:10 . 2009-01-11 21:10 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\vlc
2009-01-11 21:04 . 2009-01-11 21:04 <DIR> d-------- c:\program files\VideoLAN
2009-01-11 20:47 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-11 20:47 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-11 20:46 . 2009-01-11 20:46 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-10 23:52 . 2009-01-10 23:52 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\CyberLink
2009-01-10 16:59 . 2009-01-10 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-10 16:58 . 2009-01-10 16:58 <DIR> d-------- c:\program files\CyberLink
2009-01-10 16:03 . 2009-01-16 19:35 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\FaxCtr
2009-01-10 15:59 . 2009-01-10 15:59 <DIR> d-------- c:\documents and settings\Nesa Savkovic\Application Data\Lexmark Productivity Studio
2009-01-10 15:57 . 2009-01-10 15:57 <DIR> d-------- c:\program files\lx_cats
2009-01-10 15:56 . 2009-01-10 15:56 <DIR> d-------- C:\logs
2009-01-10 15:56 . 2007-03-28 14:16 344,064 --a------ c:\windows\system32\lxddcoin.dll
2009-01-10 15:56 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-01-10 15:56 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 00:21 --------- d-----w c:\program files\Ahead
2009-01-13 19:14 --------- d-----w c:\program files\Google
2009-01-09 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-29 15:34 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-29 11:08 --------- d-----w c:\program files\PowerQuest
2008-12-29 11:03 --------- d-----w c:\program files\ESET
2008-12-29 11:03 --------- d-----w c:\documents and settings\Nesa Savkovic\Application Data\ESET
2008-12-29 11:00 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-29 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-29 10:39 --------- d-----w c:\program files\Realtek
2008-12-29 10:38 --------- d-----w c:\program files\totalcmd
2008-12-29 10:36 --------- d-----w c:\program files\Analog Devices
2008-12-29 10:27 --------- d-----w c:\program files\Intel
2008-12-29 10:18 --------- d-----w c:\program files\microsoft frontpage
.

------- Sigcheck -------

2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
2004-08-04 09:56 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
2004-08-04 09:56 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-04 07:59 296960 --a------ c:\windows\system32\winsystems.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-13 119280]
"Anonymizer"="c:\program files\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-11-17 1557176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodLogin"="c:\program files\ESET\ESET Smart Security\nodlogin.exe" [2008-06-19 358632]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-07-24 3712512]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-05-09 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 10:22 7618560 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nesa Savkovic\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2815:TCP"= 2815:TCP:*:Disabled:SolidNetworkManager
"2815:UDP"= 2815:UDP:*:Disabled:SolidNetworkManager

R4 AnonMgmtSvc;Anonymizer Management Service;c:\program files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2008-11-17 37560]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-06-10 468224]
R4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-15 1527900]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-01-15 544768]
S4 Adidrvqrsw;Adidrvqrsw; [x]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-01-10 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2c058a-df68-11dd-9819-0018f3c235b9}]
\Shell\AutoRun\command - G:\Setup.exe
\Shell\open\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5600322-d59a-11dd-bacf-0018f3c235b9}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1425521274-839522115-1003.job
- c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 12:56]

2009-01-17 c:\windows\Tasks\User_Feed_Synchronization-{EFE6DB31-551B-458A-B3E5-2F7509E8D4CD}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKCU-Run-eyeBeam SIP Client - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
FF - ProfilePath - c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\Firefox\Profiles\ef28r5vq.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Nesa Savkovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-17 21:05:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1288-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\slserv.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe
.
**************************************************************************
.
Completion time: 2009-01-17 21:08:58 - machine was rebooted [Nesa Savkovic]
ComboFix-quarantined-files.txt 2009-01-17 20:08:55

Pre-Run: 16,781,647,872 bytes free
Post-Run: 16,834,326,528 bytes free

336

Update: 17 Jan 2009 21:44

What should I do now?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8519
  • Location: Novi Beograd

Wait for further instructions, which you will get during the night or the next day.

Update: 17 Jan 2009 23:01

Upload the following file for me:
c:\windows\fix.exe

to this link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 17 Jan 2009
  • Posts: 49

I did what you said!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8519
  • Location: Novi Beograd

Disable the antivirus again.

Open Notepad and copy the following text:

File::
c:\windows\system32\winsystems.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d2c058a-df68-11dd-9819-0018f3c235b9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5600322-d59a-11dd-bacf-0018f3c235b9}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.
