DDS (Ver_09-10-26.01) - NTFSx86
Run by PC at 22:55:07,37 on pet 06.11.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1411 [GMT 1:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost
svchost
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.bsplayer.com/en/user/?cmd=showloginform
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PowerBar]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WTClient] WTClient.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [06607726] c:\docume~1\alluse~1\applic~1\06607726\06607726.exe
mRun: [PromoReg] c:\windows\temp\_ex-08.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\documents and settings\pc\start menu\programs\startup\isqsys32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\kom4gflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-6 206256]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-2 41456]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-6 348752]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-6-25 93696]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-23 10752]
S3 Guploosdrun;Guploosdrun;c:\windows\system32\drivers\classpnp.sys [2008-4-13 49536]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2009-11-06 21:04:00 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-06 21:03:55 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-06 21:03:55 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-06 21:03:55 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-06 21:03:52 0 d-----w- c:\program files\common files\PC Tools
2009-11-06 21:03:51 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-06 21:03:48 0 d-----w- c:\program files\Spyware Doctor
2009-11-06 21:03:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-05 23:46:27 0 d-----w- c:\program files\ESET
2009-11-05 19:59:22 0 d-----w- c:\program files\WinPcap
2009-10-23 11:34:56 0 d-----w- c:\program files\DAEMON Tools Lite
2009-10-23 11:32:02 715248 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 11:20:54 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-20 11:20:44 1554944 ----a-w- c:\windows\system32\vorbis.acm
2009-10-20 11:20:33 0 d-----w- c:\program files\Outsim
2009-10-20 11:16:52 0 d-----w- c:\program files\Image-Line
2009-10-20 00:48:42 0 d-----w- c:\docume~1\pc\applic~1\AVS4YOU
2009-10-20 00:48:42 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-10-20 00:47:27 0 d-----w- c:\program files\common files\AVSMedia
2009-10-20 00:47:14 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-20 00:46:32 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-10-20 00:46:32 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-10-20 00:46:32 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-10-20 00:46:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-20 00:46:32 0 d-----w- c:\program files\AVS4YOU
2009-10-18 16:59:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-18 16:59:25 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-18 16:59:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 16:59:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 16:49:42 0 d-----w- c:\program files\ShoppingReport
2009-10-18 16:49:42 0 d-----w- c:\docume~1\pc\applic~1\ShoppingReport
2009-10-17 12:11:29 2205046 ----a-w- C:\soundeffect.wav
2009-10-13 18:45:39 0 d-----w- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2009-10-13 18:44:31 26872148 ----a-w- C:\scan002.tif
2009-10-13 18:43:41 1038775 ----a-w- C:\scan002.pdf
2009-10-13 18:35:52 349926 ------w- C:\D--scan002.mdi
2009-10-13 18:22:03 1456114 ----a-w- C:\111.jpg
2009-10-11 18:09:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-11 18:05:23 0 d-----w- c:\program files\GameSpy Arcade
2009-10-11 14:04:08 0 d-----w- c:\program files\Colony
2009-10-11 14:03:58 0 d-----w- c:\program files\ReflexiveArcade
2009-10-09 13:47:31 10 ----a-w- c:\windows\popcinfo.dat
2009-10-09 12:13:14 0 d-----w- c:\program files\GameHouse
==================== Find3M ====================
2009-08-11 13:43:39 46484 ----a-w- c:\windows\fonts\Alpha Romanie G98.ttf
2004-03-11 11:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-06-20 09:51:46 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-06-20 09:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-06-20 09:51:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062020090621\index.dat
2009-06-20 09:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 22:55:43,26 ===============
Spyware Doctor deleted two infected files for him, and now his computer works normally and the icon has disappeared from the toolbar. I sent the log after those files were deleted, so please see whether the infection has definitely been removed or not. Thanks.