MyCity » Ambulanta -> Arhiva Ambulante » Molim pomoc

Molim pomoc

Napisano na dan: 13.4.2009

Strana:
1
2

Molim pomoc

Sledeća strana

Pagination

Odgovori

Strana:
1
2

dovlinho Poslao: 13 Apr 2009 09:21 Idi na vrh
offline dovlinho Novi MyCity građanin Pridružio: 13 Apr 2009 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skoro sam pokrenuo AVG antivirus scan i ocistio kompjuter, bar sam se tako andao... onda nakomn toga kad god pokusa da odem na neku internet adresu, komp me redirektuje sa te adrese i salje ne neku gde verovatno ima virus... ovo mi je rezultat sa hijackthis provere koju sam radio, pa ako iko mzoe da pomogne.... hvala unapred.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:14:52 AM, on 4/13/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\kkw_run.exe C:\WINDOWS\system32\kmw_run.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Alex and Vlad\Desktop\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing) O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [86060274822232123550295836171067] C:\Program Files\Antivirus 2009\av2009.exe O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - myitlab.pearsoned.com/Pegasus/Modules/SIMIn.....x/stub.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C7645C32-9931-4C39-A5A2-3846E4CDCD6B}: NameServer = 85.255.112.132,85.255.112.188 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8144 bytes

Profil

argus Poslao: 13 Apr 2009 09:51 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori AVG 8 Control Center (desni klik na AVG ikonicu ( ) u donjem, desnom uglu ekrana, stavka Open AVG User Interface). * Kada se pokrene AVG Control Center, dvoklikni na Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Resident Shield active i klikni Save changes. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

dovlinho Poslao: 13 Apr 2009 10:15 Idi na vrh
offline dovlinho Novi MyCity građanin Pridružio: 13 Apr 2009 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 13 Apr 2009 10:14 ComboFix 09-04-13.A0 - Alex and Vlad 2009-04-13 4:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.452 [GMT -4:00] Running from: c:\documents and settings\Alex and Vlad\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) FW: ZoneAlarm Firewall enabled . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\admintxt.txt c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\gxvxchqbjhghjachtsmygkigcmlyueblpmbvc.sys c:\windows\system32\gxvxcbfewcmxpvoodbqwidrnyttwjsdhudomq.dll ----- BITS: Possible infected sites ----- hxxp://ping-host.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gxvxcserv.sys ((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))) . 2009-04-13 06:13 . 2009-04-13 06:53 4 ----a-w c:\windows\system32\gxvxccounter 2009-04-12 04:42 . 2005-09-26 00:11 2494464 ----a-w c:\windows\system32\advrcntr2.dll 2009-04-12 03:57 . 2009-04-12 04:00 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\BSplayer 2009-04-12 03:30 . 2009-04-13 06:30 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\LimeWire 2009-04-10 03:13 . 2009-04-11 19:33 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\gtk-2.0 2009-04-10 03:13 . 2009-04-10 03:13 -------- d-----w c:\documents and settings\Alex and Vlad\.thumbnails 2009-04-10 03:10 . 2009-04-11 19:33 -------- d-----w c:\documents and settings\Alex and Vlad\.gimp-2.6 2009-04-10 03:09 . 2009-04-10 03:10 -------- d-----w c:\documents and settings\Alex and Vlad\.gegl-0.0 2009-04-03 18:36 . 2009-04-03 18:36 -------- d-----w c:\windows\system32\KB905474 2009-04-03 18:36 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-03 18:36 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-03 18:36 . 2009-02-09 22:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt 2009-04-02 20:21 . 2009-04-13 07:14 -------- d--h--w C:\$AVG8.VAULT$ 2009-04-02 19:51 . 2009-04-02 19:51 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-04-02 19:51 . 2009-04-02 19:51 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-04-02 19:51 . 2009-04-02 19:51 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-04-02 19:51 . 2009-04-12 21:20 -------- d-----w c:\windows\system32\drivers\Avg 2009-04-02 19:51 . 2009-04-13 06:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-25 00:45 . 2009-03-25 00:45 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Apple Computer 2009-03-25 00:41 . 2009-03-25 00:41 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\Apple 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-03-25 00:39 . 2009-03-25 00:39 -------- d-----w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-13 05:12 . 2009-04-13 05:11 -------- d-----w c:\program files\PokerStars.NET 2009-04-12 03:21 . 2009-04-12 03:20 -------- d-----w c:\program files\LimeWire 2009-04-10 03:05 . 2009-04-10 03:05 -------- d-----w c:\program files\Gimp-2.0 2009-04-10 03:04 . 2009-04-10 03:04 -------- d-----w c:\program files\Free Offers from Freeze.com 2009-04-09 00:48 . 2008-10-02 00:11 -------- d-----w c:\program files\Common Files\Adobe 2009-04-08 03:15 . 2008-09-28 00:40 -------- d-----w c:\program files\Xvid 2009-04-02 19:51 . 2009-04-02 19:51 -------- d-----w c:\program files\AVG 2009-03-29 22:34 . 2009-03-02 14:58 -------- d-----w c:\documents and settings\All Users\Application Data\Nero 2009-03-25 00:43 . 2009-03-25 00:41 -------- d-----w c:\program files\quicktime 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\program files\Apple Software Update 2009-03-17 04:17 . 2008-09-22 03:54 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Winamp 2009-03-14 17:42 . 2008-10-01 01:48 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\U3 2009-03-14 13:12 . 2008-09-24 05:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-13 13:35 . 2007-04-21 04:39 8491999 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-03-13 13:30 . 2006-11-20 01:22 4212 ---ha-w c:\windows\system32\zllictbl.dat 2009-03-12 15:33 . 2008-09-21 05:55 66904 ----a-w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-12 15:33 . 2009-03-12 15:27 -------- d-----w c:\program files\Microsoft 2009-03-12 15:32 . 2008-09-19 04:36 -------- d-----w c:\program files\Windows Live 2009-03-12 15:31 . 2009-03-12 15:31 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-03-12 15:26 . 2009-03-12 15:26 -------- d-----w c:\program files\Windows Live SkyDrive 2009-03-12 15:20 . 2009-03-12 15:20 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-07 08:01 . 2009-03-07 08:01 -------- d-----w c:\program files\MSXML 6.0 2009-03-02 22:49 . 2009-01-24 04:07 -------- d-----w c:\program files\Nero 2009-03-02 22:41 . 2009-03-02 22:39 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Nero 2009-03-02 16:07 . 2009-03-02 14:58 -------- d-----w c:\program files\Common Files\Nero 2009-03-02 15:33 . 2009-03-02 15:33 -------- d-----w c:\program files\Windows Sidebar 2009-03-02 14:56 . 2008-09-25 04:27 -------- d-----w c:\program files\MSBuild 2009-03-02 14:56 . 2009-03-02 14:56 162592 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-02 14:47 . 2009-03-02 14:47 -------- d-----w c:\program files\Reference Assemblies 2009-03-01 03:53 . 2009-03-01 03:53 -------- d-----w c:\program files\Common Files\NSV 2009-02-28 14:55 . 2008-10-02 00:31 -------- d-----w c:\program files\Microsoft Silverlight 2009-02-25 17:51 . 2009-02-25 17:51 268 ---ha-w C:\sqmdata04.sqm 2009-02-25 17:51 . 2009-02-25 17:51 244 ---ha-w C:\sqmnoopt04.sqm 2009-02-25 06:41 . 2009-02-25 06:41 268 ---ha-w C:\sqmdata03.sqm 2009-02-25 06:41 . 2009-02-25 06:41 244 ---ha-w C:\sqmnoopt03.sqm 2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys 2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-27 06:23 . 2009-01-27 06:23 268 ---ha-w C:\sqmdata02.sqm 2009-01-27 06:23 . 2009-01-27 06:23 244 ---ha-w C:\sqmnoopt02.sqm 2007-11-10 13:19 . 2007-11-10 13:19 41784 ----a-w c:\documents and settings\Gary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904] "QuickTime Task"="c:\program files\quicktime\QTTask.exe" [2009-01-05 413696] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-02 1932568] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "kkw_run.exe"="kkw_run.exe" [2005-12-15 c:\windows\system32\kkw_run.exe] "kmw_run.exe"="kmw_run.exe" [2005-09-01 c:\windows\system32\kmw_run.exe] c:\documents and settings\Alex and Vlad\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-04-02 15:51 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * [HKLM\~\startupfolder\C:^Documents and Settings^Alex and Vlad^Start Menu^Programs^Startup^Microsoft Office Groove.lnk] path=c:\documents and settings\Alex and Vlad\Start Menu\Programs\Startup\Microsoft Office Groove.lnk backup=c:\windows\pss\Microsoft Office Groove.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-03 19:02 36352 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] --a------ 2008-11-13 15:18 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-02 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-02 108552] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-02 298264] S3 KKW_HID;Kensington HIDClass Filter Driver;c:\windows\system32\DRIVERS\KKW_HID.sys [2005-12-01 14208] . Contents of the 'Scheduled Tasks' folder 2009-04-13 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18] . - - - - ORPHANS REMOVED - - - - BHO-{CE7C3CF0-4B15-11D1-ABED-709549C10000} - c:\progra~1\KENSIN~1\MouseWorks\IE_KMW.DLL HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKLM-Run-FixCamera - c:\windows\FixCamera.exe HKLM-Run-MSWheel - (no file) MSConfigStartUp-86060274822232123550295836171067 - c:\program files\Antivirus 2009\av2009.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\documents and settings\Alex and Vlad\Application Data\Mozilla\Firefox\Profiles\786trie1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-13 04:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-13 4:11 ComboFix-quarantined-files.txt 2009-04-13 08:11 Pre-Run: 9,515,528,192 bytes free Post-Run: 9,615,650,816 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 214 --- E O F --- 2009-04-03 18:36 Dopuna: 13 Apr 2009 10:15 i sta sada da radi, s obzirom da mi pise da je kompjuter u riziku, i AVG mi se nije pokrenuo...

Profil

argus Poslao: 13 Apr 2009 10:33 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ukljuci AVG dok ne pregledam log i sacekaj odgovor.

Profil

dovlinho Poslao: 13 Apr 2009 10:37 Idi na vrh
offline dovlinho Novi MyCity građanin Pridružio: 13 Apr 2009 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ok... hvala...

Profil

argus Poslao: 13 Apr 2009 11:11 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci ponovo AVG Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\gxvxccounter` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Postavi mi novi HijackThis log

Profil

dovlinho Poslao: 13 Apr 2009 11:27 Idi na vrh
offline dovlinho Novi MyCity građanin Pridružio: 13 Apr 2009 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 13 Apr 2009 11:26 ComboFix 09-04-13.A0 - Alex and Vlad 2009-04-13 5:18.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.296 [GMT -4:00] Running from: c:\documents and settings\Alex and Vlad\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Alex and Vlad\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) FW: ZoneAlarm Firewall enabled * Created a new restore point FILE :: c:\windows\system32\gxvxccounter . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gxvxccounter . ((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))) . 2009-04-12 04:42 . 2005-09-26 00:11 2494464 ----a-w c:\windows\system32\advrcntr2.dll 2009-04-12 03:57 . 2009-04-12 04:00 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\BSplayer 2009-04-12 03:30 . 2009-04-13 06:30 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\LimeWire 2009-04-10 03:13 . 2009-04-13 08:57 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\gtk-2.0 2009-04-10 03:13 . 2009-04-10 03:13 -------- d-----w c:\documents and settings\Alex and Vlad\.thumbnails 2009-04-10 03:10 . 2009-04-13 08:57 -------- d-----w c:\documents and settings\Alex and Vlad\.gimp-2.6 2009-04-10 03:09 . 2009-04-10 03:10 -------- d-----w c:\documents and settings\Alex and Vlad\.gegl-0.0 2009-04-03 18:36 . 2009-04-03 18:36 -------- d-----w c:\windows\system32\KB905474 2009-04-03 18:36 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-03 18:36 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-03 18:36 . 2009-02-09 22:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt 2009-04-02 20:21 . 2009-04-13 07:14 -------- d--h--w C:\$AVG8.VAULT$ 2009-04-02 19:51 . 2009-04-02 19:51 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-04-02 19:51 . 2009-04-02 19:51 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-04-02 19:51 . 2009-04-02 19:51 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-04-02 19:51 . 2009-04-13 08:37 -------- d-----w c:\windows\system32\drivers\Avg 2009-04-02 19:51 . 2009-04-13 06:53 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-25 00:45 . 2009-03-25 00:45 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Apple Computer 2009-03-25 00:41 . 2009-03-25 00:41 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\Apple 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-03-25 00:39 . 2009-03-25 00:39 -------- d-----w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-13 08:45 . 2009-04-13 05:11 -------- d-----w c:\program files\PokerStars.NET 2009-04-10 03:05 . 2009-04-10 03:05 -------- d-----w c:\program files\Gimp-2.0 2009-04-10 03:04 . 2009-04-10 03:04 -------- d-----w c:\program files\Free Offers from Freeze.com 2009-04-09 00:48 . 2008-10-02 00:11 -------- d-----w c:\program files\Common Files\Adobe 2009-04-08 03:15 . 2008-09-28 00:40 -------- d-----w c:\program files\Xvid 2009-04-02 19:51 . 2009-04-02 19:51 -------- d-----w c:\program files\AVG 2009-03-29 22:34 . 2009-03-02 14:58 -------- d-----w c:\documents and settings\All Users\Application Data\Nero 2009-03-25 00:43 . 2009-03-25 00:41 -------- d-----w c:\program files\quicktime 2009-03-25 00:40 . 2009-03-25 00:40 -------- d-----w c:\program files\Apple Software Update 2009-03-17 04:17 . 2008-09-22 03:54 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Winamp 2009-03-14 17:42 . 2008-10-01 01:48 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\U3 2009-03-14 13:12 . 2008-09-24 05:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-13 13:35 . 2007-04-21 04:39 8491999 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-03-13 13:30 . 2006-11-20 01:22 4212 ---ha-w c:\windows\system32\zllictbl.dat 2009-03-12 15:33 . 2008-09-21 05:55 66904 ----a-w c:\documents and settings\Alex and Vlad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-12 15:33 . 2009-03-12 15:27 -------- d-----w c:\program files\Microsoft 2009-03-12 15:32 . 2008-09-19 04:36 -------- d-----w c:\program files\Windows Live 2009-03-12 15:31 . 2009-03-12 15:31 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-03-12 15:26 . 2009-03-12 15:26 -------- d-----w c:\program files\Windows Live SkyDrive 2009-03-12 15:20 . 2009-03-12 15:20 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-07 08:01 . 2009-03-07 08:01 -------- d-----w c:\program files\MSXML 6.0 2009-03-02 22:49 . 2009-01-24 04:07 -------- d-----w c:\program files\Nero 2009-03-02 22:41 . 2009-03-02 22:39 -------- d-----w c:\documents and settings\Alex and Vlad\Application Data\Nero 2009-03-02 16:07 . 2009-03-02 14:58 -------- d-----w c:\program files\Common Files\Nero 2009-03-02 15:33 . 2009-03-02 15:33 -------- d-----w c:\program files\Windows Sidebar 2009-03-02 14:56 . 2008-09-25 04:27 -------- d-----w c:\program files\MSBuild 2009-03-02 14:56 . 2009-03-02 14:56 162592 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-02 14:47 . 2009-03-02 14:47 -------- d-----w c:\program files\Reference Assemblies 2009-03-01 03:53 . 2009-03-01 03:53 -------- d-----w c:\program files\Common Files\NSV 2009-02-28 14:55 . 2008-10-02 00:31 -------- d-----w c:\program files\Microsoft Silverlight 2009-02-25 17:51 . 2009-02-25 17:51 268 ---ha-w C:\sqmdata04.sqm 2009-02-25 17:51 . 2009-02-25 17:51 244 ---ha-w C:\sqmnoopt04.sqm 2009-02-25 06:41 . 2009-02-25 06:41 268 ---ha-w C:\sqmdata03.sqm 2009-02-25 06:41 . 2009-02-25 06:41 244 ---ha-w C:\sqmnoopt03.sqm 2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys 2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-27 06:23 . 2009-01-27 06:23 268 ---ha-w C:\sqmdata02.sqm 2009-01-27 06:23 . 2009-01-27 06:23 244 ---ha-w C:\sqmnoopt02.sqm 2007-11-10 13:19 . 2007-11-10 13:19 41784 ----a-w c:\documents and settings\Gary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904] "QuickTime Task"="c:\program files\quicktime\QTTask.exe" [2009-01-05 413696] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-02 1932568] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "kkw_run.exe"="kkw_run.exe" [2005-12-15 c:\windows\system32\kkw_run.exe] "kmw_run.exe"="kmw_run.exe" [2005-09-01 c:\windows\system32\kmw_run.exe] c:\documents and settings\Alex and Vlad\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-04-02 15:51 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * [HKLM\~\startupfolder\C:^Documents and Settings^Alex and Vlad^Start Menu^Programs^Startup^Microsoft Office Groove.lnk] path=c:\documents and settings\Alex and Vlad\Start Menu\Programs\Startup\Microsoft Office Groove.lnk backup=c:\windows\pss\Microsoft Office Groove.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-03 19:02 36352 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] --a------ 2008-11-13 15:18 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-02 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-02 108552] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-02 298264] S3 KKW_HID;Kensington HIDClass Filter Driver;c:\windows\system32\DRIVERS\KKW_HID.sys [2005-12-01 14208] . Contents of the 'Scheduled Tasks' folder 2009-04-13 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\documents and settings\Alex and Vlad\Application Data\Mozilla\Firefox\Profiles\786trie1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-13 05:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-13 5:23 ComboFix-quarantined-files.txt 2009-04-13 09:23 ComboFix2.txt 2009-04-13 08:12 Pre-Run: 9,658,712,064 bytes free Post-Run: 9,639,309,312 bytes free 191 --- E O F --- 2009-04-03 18:36 Dopuna: 13 Apr 2009 11:27 EVO I ZA HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:26:20 AM, on 4/13/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alex and Vlad\Desktop\RE3.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - myitlab.pearsoned.com/Pegasus/Modules/SIMIn.....x/stub.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6966 bytes

Profil

argus Poslao: 13 Apr 2009 13:42 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 13 Apr 2009 12:10 Pokreni HJT i oznaci ovu liniju: O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 Klikni na "Fix checked" Zatim odradi sledece: Klikni Start > Run > cmd > Enter Unesi ipconfig /flushdns > Enter Javi kakvo je stanje.

Profil

dovlinho Poslao: 13 Apr 2009 15:11 Idi na vrh
offline dovlinho Novi MyCity građanin Pridružio: 13 Apr 2009 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! kaze da je successfully flushed the DNS resolver cashe... jel treba jos nesto da radim?

Profil

argus Poslao: 13 Apr 2009 16:50 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, ajde restartuj komjuter i postavi novi HJT log, da proverimo jos jednom.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Molim pomoc

Ko je trenutno na forumu

Ukupno su 1240 korisnika na forumu :: 51 registrovanih, 8 sakrivenih i 1181 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., ajo baba, amaterSRB, Apok, armor, Atomski čoban, bojank, Bubimir, cenejac111, cinoeye, Dorcolac, Futurama, ILGromovnik, Istman, Ivan Campo, JimmyNapoli, Još malo pa deda, Karla, kokodakalo, kolle.the.kid, Krusarac, Krvava Devetka, kuntalo, Lieutenant, Luka1998, Marko Marković, mikrimaus, mile23, milenko crazy north, milimoj, miodrag, moldway, Nemanja.M, NoOneEver Dreams, Oscar2, ozzy, Rakenica, raketaš, raso7, Regrut Boskica, SR-3m, Srki94, stankolich, VP6919, wolverined4, Wrangler, zdrebac, Živković, Žrnov, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by