Maybe a virus?

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1016

The problem appeared a few weeks ago. I tried to solve it in every way, with various programs, but nothing helped. I did a defragmentation and the computer is faster now, but I would like to know whether my computer has a virus.

My internet connection is 3.4 Mbps.
I have Bitdefender antivirus.
The problem is that when the computer is turned on and reaches Windows XP, it needs 1 minute to load, while all other computers take about 5-10 seconds.

Games used to stutter; now they don't, although it sometimes starts, but it has hardly been noticeable since I did the defragmentation. So I would like to know whether my computer has a virus. Here are the log files:


And here is Attach:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Slavko Radic at 9:12:11 on 2013-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.364 [GMT 2:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW: *Enabled*
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341956071921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
TCP: Interfaces\{DCDA6A31-04D3-488B-BDC7-FBF8DD2AA9B8} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 192.168.1.2 ps2nfs04.ea.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\slavko radic\application data\mozilla\firefox\profiles\bgy97gij.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-5-15 633344]
R1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-5-15 164952]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2013-2-23 21664]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\bitdefender\antivirus free edition\gzserv.exe [2013-3-5 50816]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-5-15 1435984]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-5-15 486536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-1-20 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-6-29 260992]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-29 21:22:29 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 21:22:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 17:48:14 257408 ----a-w- c:\windows\system32\PuranDC.exe
2013-06-29 17:48:14 219520 ----a-w- c:\windows\system32\PuranDefrag.dll
2013-06-29 17:48:13 260992 ----a-w- c:\windows\system32\PuranDefragS.exe
2013-06-29 17:48:13 1136512 ----a-w- c:\windows\system32\PuranFD.exe
2013-06-29 17:48:13 109952 ----a-w- c:\windows\system32\PuranDefragBT.exe
2013-06-29 17:48:08 -------- d-----w- c:\program files\Puran Defrag
2013-06-29 09:25:19 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-06-02 16:51:33 -------- d-----w- c:\documents and settings\slavko radic\local settings\application data\LogMeIn Hamachi
2013-06-02 16:50:49 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2013-06-29 21:21:43 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-29 21:21:42 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 14:07:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-19 14:07:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 18:37:50 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-05-15 18:37:35 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-05-15 18:37:34 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-05-15 18:37:34 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-04 22:12:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:13:12,31 ===============

So now you have a look :)
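An added example, not part of the thread and not DDS's own code: the DDS header above lists `FW: AVG Internet Security 2012 *Enabled*` even though no AVG process appears under Running Processes. DDS takes the AV:/FW: lines from the Windows Security Center (WMI) product registrations, which an uninstaller can leave behind, and that mismatch is what a helper spots before asking for the AVG leftovers to be removed. The Python below automates the cross-check: it parses the Security Center lines and the Running Processes section and reports any registered product for which no process path contains a distinctive word of the product name. The sample text is copied from the posted log; the keyword heuristic and the list of generic words to ignore are mine.

```python
import re

# Constructed sample input: the Security Center header and a few lines of the
# "Running Processes" section, copied from the DDS log posted above.
SAMPLE_DDS = r"""
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW: *Enabled*
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
"""

# "AV: <name> *state*" ; the name is optional ("FW: *Enabled*" carries a state only).
PRODUCT_RE = re.compile(r'^(?P<kind>AV|AS|FW): (?:(?P<name>.+?) )?\*(?P<state>[^*]+)\*')

# Words that appear in many product names and therefore do not identify a vendor
# (heuristic list chosen for this example).
GENERIC_WORDS = {'antivirus', 'anti-virus', 'antispyware', 'internet', 'security',
                 'free', 'edition', 'suite', 'premium', 'pro', 'total', 'protection'}


def parse_sections(text):
    """Split DDS output into (security-center lines, running-process lines)."""
    products, processes = [], []
    section = 'header'
    for line in text.splitlines():
        line = line.strip()
        if not line or line == '.':          # DDS uses a lone '.' as a spacer
            continue
        if line.startswith('====='):
            section = 'processes' if 'Running Processes' in line else 'other'
            continue
        if section == 'header' and PRODUCT_RE.match(line):
            products.append(line)
        elif section == 'processes':
            processes.append(line)
    return products, processes


def product_tokens(name):
    """Distinctive words of a product name, e.g. ['AVG'] from 'AVG Internet Security 2012'."""
    return [w for w in re.findall(r'[A-Za-z][\w-]*', name)
            if len(w) >= 3 and w.lower() not in GENERIC_WORDS]


def check_security_center(text):
    """For every registered AV/AS/FW product, say whether a matching process is running."""
    products, processes = parse_sections(text)
    haystack = '\n'.join(processes).lower()
    report = []
    for line in products:
        m = PRODUCT_RE.match(line)
        kind, name, state = m['kind'], m['name'], m['state']
        if name is None:
            report.append({'kind': kind, 'name': None, 'state': state, 'running': None,
                           'note': 'unnamed entry: state flag only, nothing to correlate'})
            continue
        running = any(t.lower() in haystack for t in product_tokens(name))
        note = ('registration matches a running process' if running else
                f'registered in Security Center as {kind} but no matching process '
                'is running: likely an uninstall leftover')
        report.append({'kind': kind, 'name': name, 'state': state,
                       'running': running, 'note': note})
    return report


if __name__ == '__main__':
    for entry in check_security_center(SAMPLE_DDS):
        print(f"{entry['kind']}  {entry['name'] or '(unnamed)':36} running={entry['running']}  {entry['note']}")
```

The substring match is deliberately loose (a process path containing "avg" anywhere would count), so treat a "not running" result as a prompt to look at the Services section and the vendor's removal tool, not as proof on its own.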

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Remove the AVG leftovers

http://www.avg.com/ww-en/utilities



============ Next ==============



Download FRST (Farbar Recovery Scan Tool) and save it to the Desktop.

Note: download the version that is compatible with your system.


Double-click FRST to run it;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe was saved.
Copy the contents of that log into a post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to the post using the "Attach file" option.

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1016

I did the AVG removal; here are the reports:

Addition:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by Slavko Radic (administrator) on 30-06-2013 11:25:04
Running from C:\Documents and Settings\Slavko Radic\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13670504 2010-03-16] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-03-16] (NVIDIA Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Slavko Radic\Application Data\Mozilla\Firefox\Profiles\bgy97gij.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: torntv - C:\Documents and Settings\Slavko Radic\Application Data\Mozilla\Firefox\Profiles\bgy97gij.default\Extensions\torntv@torntv.com.xpi
FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] C:\Program Files\fbphotozoom\fbphotozoom13.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

========================== Services (Whitelisted) =================

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [50816 2013-06-29] (Bitdefender)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-05-15] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-05-15] (BitDefender)
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-05-15] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [134136 2012-10-02] (BitDefender LLC)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-05-15] (BitDefender LLC)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [21664 2013-02-23] (REALiX(tm))
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105344 2006-08-14] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-10-31] (BitDefender S.R.L.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S3 NTACCESS; \??\E:\NTACCESS.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [x]
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 11:26 - 2013-06-30 11:26 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-06-30 11:23 - 2013-06-30 11:23 - 00000000 ____D C:\FRST
2013-06-30 09:13 - 2013-06-30 09:13 - 00011577 ____A C:\Documents and Settings\Slavko Radic\Desktop\attach.txt
2013-06-30 09:13 - 2013-06-30 09:13 - 00008759 ____A C:\Documents and Settings\Slavko Radic\Desktop\dds.txt
2013-06-29 23:22 - 2013-06-29 23:21 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 23:22 - 2013-06-29 23:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 23:22 - 2013-06-29 23:21 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 23:22 - 2013-06-29 23:21 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-29 23:22 - 2013-06-29 23:21 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-29 23:21 - 2013-06-29 23:21 - 00000000 ____D C:\Program Files\Java
2013-06-29 19:48 - 2013-06-29 23:12 - 00000000 ____D C:\Program Files\Puran Defrag
2013-06-29 19:48 - 2013-06-29 19:48 - 00000740 ____A C:\Documents and Settings\Slavko Radic\Desktop\Puran Defrag.lnk
2013-06-29 19:48 - 2013-01-17 16:24 - 01136512 ____A (Puran Software) C:\Windows\System32\PuranFD.exe
2013-06-29 19:48 - 2013-01-17 16:23 - 00260992 ____A (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-06-29 19:48 - 2013-01-17 16:23 - 00257408 ____A (Puran Software) C:\Windows\System32\PuranDC.exe
2013-06-29 19:48 - 2013-01-17 16:23 - 00109952 ____A (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-06-29 19:48 - 2012-12-13 12:09 - 00219520 ____A (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-06-29 19:36 - 2013-06-29 23:59 - 00000000 ____D C:\Documents and Settings\Slavko Radic\My Documents\Command and Conquer Generals Zero Hour Data
2013-06-29 19:21 - 2013-06-29 19:21 - 00000353 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk
2013-06-29 19:05 - 2013-06-29 19:05 - 00000349 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk
2013-06-29 14:48 - 2013-06-29 14:53 - 00002755 ____A C:\AdwCleaner[S2].txt
2013-06-29 14:47 - 2013-06-29 14:48 - 00002536 ____A C:\AdwCleaner[R2].txt
2013-06-18 22:35 - 2013-06-18 22:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-18 22:29 - 2013-06-18 22:31 - 00010979 ____A C:\Windows\KB2838727-IE8.log
2013-06-18 22:02 - 2013-06-18 22:35 - 00013847 ____A C:\Windows\KB2839229.log
2013-06-02 18:51 - 2013-06-30 11:20 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\LogMeIn Hamachi
2013-06-02 18:51 - 2013-06-30 11:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2013-06-02 18:50 - 2013-06-02 18:50 - 00000685 ____A C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk
2013-06-02 18:50 - 2013-06-02 18:50 - 00000000 ____D C:\Program Files\LogMeIn Hamachi

==================== One Month Modified Files and Folders ========

2013-06-30 11:26 - 2013-06-30 11:26 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-06-30 11:23 - 2013-06-30 11:23 - 00000000 ____D C:\FRST
2013-06-30 11:21 - 2012-03-01 19:24 - 01449781 ____A C:\Windows\WindowsUpdate.log
2013-06-30 11:20 - 2013-06-02 18:51 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\LogMeIn Hamachi
2013-06-30 11:20 - 2013-06-02 18:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2013-06-30 11:20 - 2012-03-01 20:17 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-30 11:20 - 2012-03-01 20:17 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-30 11:20 - 2010-03-16 04:37 - 00276951 ____A C:\Windows\System32\NvApps.xml
2013-06-30 11:19 - 2012-07-19 13:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 11:19 - 2012-03-01 19:30 - 00000062 __ASH C:\Documents and Settings\Slavko Radic\Local Settings\desktop.ini
2013-06-30 11:19 - 2012-03-01 19:29 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-30 11:19 - 2012-03-01 19:29 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 11:19 - 2012-03-01 19:28 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-30 11:17 - 2013-03-07 00:47 - 00998830 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-606747145-839522115-1003-0.dat
2013-06-30 11:17 - 2013-03-05 23:55 - 00145390 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-06-30 11:17 - 2012-03-01 19:29 - 00032620 ____A C:\Windows\SchedLgU.Txt
2013-06-30 11:06 - 2012-04-13 16:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 10:32 - 2012-07-19 13:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 09:13 - 2013-06-30 09:13 - 00011577 ____A C:\Documents and Settings\Slavko Radic\Desktop\attach.txt
2013-06-30 09:13 - 2013-06-30 09:13 - 00008759 ____A C:\Documents and Settings\Slavko Radic\Desktop\dds.txt
2013-06-29 23:59 - 2013-06-29 19:36 - 00000000 ____D C:\Documents and Settings\Slavko Radic\My Documents\Command and Conquer Generals Zero Hour Data
2013-06-29 23:21 - 2013-06-29 23:22 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 23:21 - 2013-06-29 23:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 23:21 - 2013-06-29 23:22 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 23:21 - 2013-06-29 23:22 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-29 23:21 - 2013-06-29 23:22 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-29 23:21 - 2013-06-29 23:21 - 00000000 ____D C:\Program Files\Java
2013-06-29 23:21 - 2012-08-02 12:18 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-29 23:21 - 2012-03-01 19:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-29 23:12 - 2013-06-29 19:48 - 00000000 ____D C:\Program Files\Puran Defrag
2013-06-29 23:10 - 2012-03-01 20:14 - 00142832 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-29 19:48 - 2013-06-29 19:48 - 00000740 ____A C:\Documents and Settings\Slavko Radic\Desktop\Puran Defrag.lnk
2013-06-29 19:29 - 2012-04-27 21:48 - 00001434 ____A C:\Windows\eReg.dat
2013-06-29 19:29 - 2012-03-01 19:36 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-29 19:21 - 2013-06-29 19:21 - 00000353 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals Zero Hour .lnk
2013-06-29 19:05 - 2013-06-29 19:05 - 00000349 ____A C:\Documents and Settings\All Users\Desktop\Command & Conquer Generals.lnk
2013-06-29 19:02 - 2012-07-12 14:09 - 00000000 ____D C:\Documents and Settings\Slavko Radic\Application Data\uTorrent
2013-06-29 14:53 - 2013-06-29 14:48 - 00002755 ____A C:\AdwCleaner[S2].txt
2013-06-29 14:48 - 2013-06-29 14:47 - 00002536 ____A C:\AdwCleaner[R2].txt
2013-06-29 14:32 - 2012-03-01 20:06 - 00025704 ____A C:\Documents and Settings\Slavko Radic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-29 11:12 - 2004-08-04 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-19 16:07 - 2012-04-13 16:30 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-19 16:07 - 2012-03-01 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-18 22:35 - 2013-06-18 22:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-18 22:35 - 2013-06-18 22:02 - 00013847 ____A C:\Windows\KB2839229.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00721678 ____A C:\Windows\iis6.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00680114 ____A C:\Windows\FaxSetup.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00309369 ____A C:\Windows\tsoc.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00223228 ____A C:\Windows\comsetup.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00205626 ____A C:\Windows\msmqinst.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00135023 ____A C:\Windows\ntdtcsetup.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00118804 ____A C:\Windows\netfxocm.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00047261 ____A C:\Windows\MedCtrOC.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00037097 ____A C:\Windows\ocmsn.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00034366 ____A C:\Windows\tabletoc.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00033834 ____A C:\Windows\msgsocm.log
2013-06-18 22:35 - 2012-12-01 12:57 - 00001374 ____A C:\Windows\imsins.log
2013-06-18 22:35 - 2012-12-01 12:56 - 00325029 ____A C:\Windows\ocgen.log
2013-06-18 22:35 - 2012-07-28 16:58 - 00692959 ____A C:\Windows\setupapi.log
2013-06-18 22:32 - 2012-05-26 06:49 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-18 22:31 - 2013-06-18 22:29 - 00010979 ____A C:\Windows\KB2838727-IE8.log
2013-06-18 22:31 - 2013-01-19 22:34 - 00167334 ____A C:\Windows\updspapi.log
2013-06-18 22:31 - 2012-12-01 12:57 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-02 18:50 - 2013-06-02 18:50 - 00000685 ____A C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk
2013-06-02 18:50 - 2013-06-02 18:50 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-06-01 13:18 - 2012-09-17 18:02 - 00000583 ____A C:\Windows\CoD.INI
2013-05-31 18:41 - 2012-03-01 20:13 - 00000223 ___SH C:\boot.ini
2013-05-31 18:41 - 2004-08-04 14:00 - 00000852 ____A C:\Windows\win.ini
2013-05-31 18:41 - 2004-08-04 14:00 - 00000227 ____A C:\Windows\system.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
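An added example, not part of the thread and not FRST's own code: a triage pass in Python over lines of the FRST log above, of the kind a helper does by eye before answering. It flags autostart and service entries marked `[x]` (FRST's marker for a file that is not on disk), services and drivers with no ImagePath, drivers registered from a drive other than the system drive, Firefox extensions living in the profile or side-loaded system-wide through HKLM, and protocol-handler keys without a CLSID. The sample lines are copied from the posted log; the severity labels, the assumption that C: is the system drive, and the regular expressions are mine, and a `review` flag is a prompt to look, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the FRST log posted above.
SAMPLE_FRST_LINES = [
    r'HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]',
    r'HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)',
    r'R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [50816 2013-06-29] (Bitdefender)',
    r'S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]',
    r'R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-05-15] (BitDefender)',
    r'S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]',
    r'S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [x]',
    r'S4 Abiosdsk; No ImagePath',
    r'S1 Changer; No ImagePath',
    r'FF Extension: torntv - C:\Documents and Settings\Slavko Radic\Application Data\Mozilla\Firefox\Profiles\bgy97gij.default\Extensions\torntv@torntv.com.xpi',
    r'FF HKLM\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] C:\Program Files\fbphotozoom\fbphotozoom13.xpi',
    r'Handler: ipp - No CLSID Value -',
]

MISSING = '[x]'   # FRST appends this when the referenced file is not on disk
RUN_RE = re.compile(r'^(?P<hive>HK\w+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
# Services/drivers: R=running, S=stopped, U=unknown; the digit is the Start value (0 boot .. 4 disabled)
SVC_RE = re.compile(r'^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); ?(?P<rest>.*)$')
FF_PROFILE_RE = re.compile(r'^FF Extension: (?P<name>.+?) - (?P<path>.+)$')
FF_REG_RE = re.compile(r'^FF HKLM\\\.\.\.\\Firefox\\Extensions: \[(?P<id>[^\]]+)\] (?P<path>.+)$')
HANDLER_RE = re.compile(r'^Handler: (?P<name>\S+) - No CLSID Value -')
NT_DRIVE_RE = re.compile(r'^\\\?\?\\(?P<drive>[A-Z]):\\')   # \??\E:\... object-manager path


@dataclass
class Finding:
    severity: str   # 'review' (look at it), 'cleanup' (dead entry), 'info' (harmless)
    item: str
    reason: str


def classify(line):
    """Return a Finding for one FRST line, or None if nothing stands out."""
    if m := RUN_RE.match(line):
        if m['rest'].endswith(MISSING):
            return Finding('cleanup', f"Run:{m['name']}",
                           'autostart command whose file was not found: '
                           + m['rest'][:-len(MISSING)].strip())
        return None
    if m := SVC_RE.match(line):
        name, start, rest = m['name'], m['start'], m['rest']
        if rest == 'No ImagePath':
            # Nothing can load without an image; only boot/system start types deserve a look.
            sev = 'review' if start in '01' else 'info'
            return Finding(sev, name, f'service/driver with no ImagePath (start type {start})')
        if rest.endswith(MISSING):
            path = rest[:-len(MISSING)].strip()
            d = NT_DRIVE_RE.match(path)
            if d and d['drive'] != 'C':   # assumes C: is the system drive, as in the log above
                return Finding('cleanup', name,
                               f"driver registered from drive {d['drive']}: (installer media), "
                               f'file missing: {path}')
            return Finding('cleanup', name, f'image file missing: {path}')
        if m['state'] == 'R' and re.search(r'\(\s*\)\s*$', rest):
            # FRST prints "()" when the file carries no company name in its version info
            return Finding('review', name, 'running image has no company name in its version info')
        return None
    if m := FF_PROFILE_RE.match(line):
        return Finding('review', m['name'],
                       'Firefox extension in the user profile; confirm it was installed on purpose')
    if m := FF_REG_RE.match(line):
        return Finding('review', m['id'],
                       'Firefox extension side-loaded system-wide through HKLM (typical of bundled installers)')
    if m := HANDLER_RE.match(line):
        return Finding('info', f"Handler:{m['name']}",
                       'protocol handler key without a CLSID value; cannot dispatch to any COM object')
    return None


def triage(lines):
    """Classify every line; lines that raise nothing are dropped."""
    return [f for f in (classify(l.rstrip()) for l in lines) if f]


def summarize(findings):
    """Count findings per severity, e.g. {'cleanup': 4, 'review': 3, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f'{f.severity:8} {f.item:30} {f.reason}')
    print(summarize(found))
```

For a full log, pass the lines of FRST.txt to `triage()`; the whitelisted Microsoft entries FRST already hides never reach it, and the XP mass-storage drivers listed as `No ImagePath` with start type 4 land in `info` because a disabled service with no image cannot run. Anything in `cleanup` is a dead registration rather than an infection indicator, which is consistent with the "no malware" reading of this log.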

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You don't have malware.



I recommend that you use the program MCShield for protection against infected USB memory devices.

After installing the program, plug in your USB memory devices; they will be scanned automatically.
At the end of the scan you will get a report that the device is clean, or a notice about removed malware.



Download Xplode's DelFix and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open a report in Notepad.

Note: the report will also be saved at C:\DelFix.txt

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1016

Posted: 30 Jun 2013 13:06

I tried this DelFix program. When it finished, Notepad appeared, but my antivirus blocked that program's process. I can unblock it, but I'm not sure whether I should.

If you need the Notepad report, let me know.

Addendum: 30 Jun 2013 13:07

And thanks for the help :)

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Turn off the antivirus, run DelFix again, and don't forget to turn the AV back on.
