Help with NOD32, Ad-Aware and a virus

  • Joined: 25 Apr 2006
  • Posts: 46

I can't reinstall NOD32 and Ad-Aware 2009 Anniversary at all. Is the computer infected? Here is what it looks like:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:47, on 27.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\xp pro\pbcii.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\xp pro\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = download3000.com/index.php?start=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\xp pro\pbcii.exe \s,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [inmpsid] C:\WINDOWS\system32\inmpsid.exe \u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 89.216.45.193
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O21 - SSODL: lpegfdQJUUah - {24EFF327-8E45-598D-C495-C3FE5C0DFC65} - C:\WINDOWS\System32\iqvoqv.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6701 bytes

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

* Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you are only using the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes on the next question.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 25 Apr 2006
  • Posts: 46

Well, that's the problem: it isn't where it should be, and there is no uninstall icon either. Here is the log:

ComboFix 09-04-25.A3 - xp pro 27.04.2009 16:51.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1531 [GMT 2:00]
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\divx.dll
c:\windows\system32\drivers\RKHit.sys

----- BITS: Possible infected sites -----

hxxp://i5i.in
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 12:34 . 2009-04-27 12:34 -------- d-----w c:\documents and settings\xp pro\Application Data\Malwarebytes
2009-04-27 12:34 . 2009-04-27 12:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 12:31 . 2009-04-27 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 12:03 . 2009-04-27 12:03 33280 ---h--w c:\documents and settings\xp pro\pbcii.exe
2009-04-27 12:03 . 2009-04-27 12:03 33280 ----a-w c:\windows\system32\inmpsid.exe
2009-04-27 11:34 . 2009-04-27 11:34 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-27 11:34 . 2009-04-27 11:34 -------- d-----w c:\program files\Lavasoft
2009-04-27 11:34 . 2009-04-27 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-27 08:09 . 2009-04-27 08:09 -------- d-----w c:\program files\GameHouse
2009-04-27 08:07 . 2009-04-27 08:07 17408 ----a-w C:\psapi.dll
2009-04-27 07:49 . 2009-04-27 07:49 29170931 ----a-w c:\windows\system32\xa224354343.exe
2009-04-27 07:49 . 2009-04-27 07:49 29170931 ----a-w c:\windows\system32\xa224352843.exe
2009-04-24 13:19 . 2009-04-24 13:19 -------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-04-19 22:28 . 2009-04-24 16:42 -------- d-----w c:\program files\Registry Clean Expert
2009-04-19 20:41 . 2009-04-19 20:41 -------- d-----w c:\program files\ESET
2009-04-19 20:41 . 2009-04-19 20:41 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-19 11:58 . 2009-04-19 22:15 -------- d-----w c:\program files\Dc++ klient
2009-04-18 17:39 . 2009-04-18 17:39 -------- d-----w c:\program files\Gekko Mahjongg (Xmas edition)
2009-04-18 14:52 . 2009-04-18 14:52 77824 ----a-w c:\windows\system32\svcnost .exe
2009-04-17 11:56 . 2009-04-17 11:56 -------- d-----w c:\program files\Xvid
2009-04-17 11:56 . 2008-12-13 18:01 77824 ----a-w c:\windows\system32\xvid.ax
2009-04-17 11:56 . 2009-04-17 11:56 -------- d-----w c:\program files\FDRLab
2009-04-17 11:55 . 2009-04-17 11:55 -------- d-----w c:\program files\YouTube Downloader
2009-04-17 08:57 . 2009-04-17 09:44 307 ----a-w c:\windows\game.ini
2009-04-16 21:38 . 2007-02-28 11:33 389120 ----a-w c:\windows\system32\actskn43.ocx
2009-04-16 21:38 . 2009-04-16 21:38 -------- d-----w c:\program files\YouTubeRobot
2009-04-16 14:23 . 2009-04-16 14:23 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-04-16 04:20 . 2009-04-16 04:20 -------- d-----w c:\documents and settings\xp pro\Application Data\Zylom
2009-04-16 04:20 . 2005-08-03 10:48 389120 ----a-w c:\windows\Adventure Inlay.scr
2009-04-16 04:20 . 2009-04-16 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-04-09 21:26 . 2009-04-16 15:49 -------- d-----w c:\documents and settings\xp pro\Local Settings\Application Data\Conduit
2009-04-09 21:23 . 2009-04-16 15:49 -------- d-----w c:\program files\Conduit
2009-04-09 20:30 . 2009-04-09 20:30 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-09 20:03 . 2009-04-09 20:03 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-02 12:59 . 2009-04-02 12:59 -------- d-----w c:\documents and settings\All Users\Application Data\Egoset

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 14:43 . 2009-01-09 11:26 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-04-27 14:38 . 2008-07-10 20:25 -------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2009-04-24 22:20 . 2009-01-09 19:41 -------- d-----w c:\program files\Luxor 4 - Quest for the Afterlife
2009-04-24 17:30 . 2009-04-06 16:05 6017 ----a-w C:\aaw7boot.log
2009-04-23 13:52 . 2009-01-21 11:36 -------- d-----w c:\program files\The KMPlayer
2009-04-19 22:38 . 2008-07-07 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 19:23 . 2009-02-02 22:18 -------- d-----w c:\documents and settings\xp pro\Application Data\EnchantedCavern
2009-04-16 15:47 . 2008-08-01 20:19 -------- d-----w c:\program files\Empire Interactive
2009-04-11 23:00 . 2008-07-11 10:15 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 20:03 . 2008-10-05 11:13 -------- d-----w c:\program files\UltraISO
2009-04-06 13:32 . 2009-03-26 15:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-26 15:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 23:58 . 2009-02-02 22:15 -------- d-----w c:\program files\Alawar
2009-03-30 16:55 . 2008-07-18 11:04 -------- d-----w c:\program files\Puzzle Express
2009-03-26 17:08 . 2008-11-22 16:54 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 09:19 . 2008-11-05 09:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-25 21:30 . 2009-02-28 21:15 -------- d-----w c:\program files\BFDaily
2009-03-22 16:13 . 2008-07-10 20:25 -------- d-----w c:\program files\uTorrent
2009-03-21 01:24 . 2009-03-21 01:24 -------- d-----w c:\documents and settings\xp pro\Application Data\PipeMania
2009-03-21 01:24 . 2009-03-21 01:24 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-21 01:23 . 2008-07-11 13:30 -------- d-----w c:\program files\Mahjong Medley
2009-02-28 21:15 . 2009-02-09 22:44 -------- d-----w c:\documents and settings\All Users\Application Data\FireGlow
2009-02-28 13:51 . 2009-02-08 19:40 -------- d-----w c:\program files\Perfect Uninstaller
2009-02-27 23:52 . 2009-02-27 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\AWEM
2009-02-27 23:27 . 2009-02-27 23:27 -------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-15 20:43 . 2008-07-07 13:30 18632 ----a-w c:\documents and settings\xp pro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-12 21:46 . 2008-10-14 21:01 81920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2009-01-12 21:46 . 2008-10-14 21:01 47360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2007-07-26 19:00 . 2008-07-07 13:51 23800756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 . 2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

------- Sigcheck -------

[-] 2004-08-04 00:56 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe

[7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 23:14 359040 27A5959C94EE173A063CA06BD14F021A c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 00:56 506368 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe

[-] 2004-08-04 00:56 1034752 D41D8CD98F00B204E9800998ECF8427E c:\windows\explorer.exe

[-] 2004-08-04 00:56 110592 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\services.exe

[-] 2004-08-04 00:56 14848 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\lsass.exe

[-] 2004-08-04 00:56 58880 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2009-04-19 602872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-27 23052]
"inmpsid"="c:\windows\system32\inmpsid.exe" [2009-04-27 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2008-7-7 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"lpegfdQJUUah"= {24EFF327-8E45-598D-C495-C3FE5C0DFC65} - c:\windows\system32\iqvoqv.dll [2004-08-04 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\xp pro\\pbcii.exe"=
"c:\\WINDOWS\\system32\\inmpsid.exe"=

R0 Lbd;Lbd; [x]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 15:24 41456]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2007-06-29 279552]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-27 953168]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2007-06-29 25984]

.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.download3000.com/index.php?start=home
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\RobotExt.ocx/LINK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27} = 89.216.45.193
FF - ProfilePath - c:\documents and settings\xp pro\Application Data\Mozilla\Firefox\Profiles\ftjliinr.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-27 16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{586A8F2C-7720-628A-1D0A-FFF4789DE6D3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgbmbjhdkkafdalk"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"halkdppjcapfhpfh"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"eadhfclbnd"=hex:61,61,00,7c
"eajfbpbcmp"=hex:61,61,00,7c

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A69BA63-A6A3-1087-816D-8AF284205586}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nadfdmhlofdifbmcnjjpcgfhnpge"=hex:6a,61,67,61,66,6d,6b,6b,61,6a,64,69,70,6c,
6c,6f,6e,63,69,65,00,00
"majffmmmejphpbnmikpamopigk"=hex:6a,61,67,61,6a,6d,6f,6d,65,62,69,61,65,69,61,
61,64,6b,61,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ctfmon.exe
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-04-27 16:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 14:56

Pre-Run: 61.118.791.680 bytes free
Post-Run: 61.409.030.144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text:

File::
c:\documents and settings\xp pro\pbcii.exe
c:\windows\system32\inmpsid.exe
c:\windows\system32\svcnost .exe
c:\windows\system32\iqvoqv.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"inmpsid"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"lpegfdQJUUah"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\xp pro\\pbcii.exe"=-
"c:\\WINDOWS\\system32\\inmpsid.exe"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
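The entries that the CFScript above removes (the extra program on the F2 UserInit line, the inmpsid O4 autorun, the O21 SSODL DLL) can be picked out mechanically from the HijackThis log posted at the top of the thread. The following Python triage script is an added example, not part of this thread, of HijackThis or of ComboFix; its rule names, the `trusted_dns` parameter and the sample log (built from the shape and values of the lines in the first post) are this example's own choices.

```python
"""Triage helper for HijackThis v2 log lines (added example; not code from
the forum thread, from HijackThis or from ComboFix).

It parses the one-entry-per-line format (R0/R1, F2, O2, O4, O17, O21, O23)
and applies defender-side heuristics matching what the helper in this thread
acted on: an extra program appended to the UserInit value, autoruns living in
a user profile directory or started with a backslash switch, an SSODL (O21)
entry, an orphaned BHO, a service whose binary is missing, and a DNS server
outside a caller-supplied trusted set. Rule names are this example's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the shape and values of lines from the first log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = download3000.com/index.php?start=home
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\xp pro\pbcii.exe \s,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [inmpsid] C:\WINDOWS\system32\inmpsid.exe \u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 89.216.45.193
O21 - SSODL: lpegfdQJUUah - {24EFF327-8E45-598D-C495-C3FE5C0DFC65} - C:\WINDOWS\System32\iqvoqv.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\", re.IGNORECASE)
# Windows programs take "/x" switches; a "\x" switch after the .exe is unusual.
BACKSLASH_SWITCH_RE = re.compile(r"\.exe \\[a-z]\b", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    body: str
    findings: list = field(default_factory=list)


def parse_log(text):
    """Keep only the R/F/O entry lines; header and process-list lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m.group("kind"), m.group("body")))
    return out


def check_userinit(e):
    """F2: UserInit normally lists only userinit.exe; anything else runs at logon."""
    if e.kind == "F2" and "UserInit=" in e.body:
        value = e.body.split("UserInit=", 1)[1]
        extra = [p.strip() for p in value.split(",")
                 if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
        if extra:
            e.findings.append("userinit-extra: " + "; ".join(extra))


def check_autorun_path(e):
    """F2/O4: autoruns under a user profile or with a backslash switch are unusual."""
    if e.kind in ("F2", "O4"):
        if USER_PROFILE_RE.search(e.body):
            e.findings.append("autorun-in-user-profile")
        if BACKSLASH_SWITCH_RE.search(e.body):
            e.findings.append("autorun-backslash-switch")


def check_orphan_bho(e):
    """O2: a BHO whose DLL is gone is leftover, but worth noting."""
    if e.kind == "O2" and e.body.endswith("(no file)"):
        e.findings.append("bho-no-file")


def check_ssodl(e):
    """O21: ShellServiceObjectDelayLoad entries are rare on XP; review the DLL."""
    if e.kind == "O21":
        e.findings.append("ssodl-entry")


def check_service(e):
    """O23: a registered service whose binary is missing needs an explanation."""
    if e.kind == "O23" and e.body.endswith("(file missing)"):
        e.findings.append("service-binary-missing")


def check_nameserver(e, trusted_dns):
    """O17: flag a DNS server that is not in the caller's trusted set."""
    if e.kind == "O17":
        m = re.search(r"NameServer = (\S+)", e.body)
        if m and m.group(1) not in trusted_dns:
            e.findings.append("dns-not-trusted: " + m.group(1))


def triage(text, trusted_dns=frozenset()):
    """Return only the entries that tripped at least one rule, in log order."""
    entries = parse_log(text)
    for e in entries:
        check_userinit(e)
        check_autorun_path(e)
        check_orphan_bho(e)
        check_ssodl(e)
        check_service(e)
        check_nameserver(e, trusted_dns)
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.kind, "|", ", ".join(e.findings), "|", e.body[:70])
```

The flagged entries are exactly the lines the helper wrote into the CFScript plus the missing-binary service, the orphaned BHO and the DNS server; the rules are triage hints, and the paths they flag still need to be checked by hand.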

  • Joined: 25 Apr 2006
  • Posts: 46

ComboFix 09-04-25.A3 - xp pro 27.04.2009 21:20.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1424 [GMT 2:00]
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xp pro\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\documents and settings\xp pro\pbcii.exe
c:\windows\system32\inmpsid.exe
c:\windows\system32\iqvoqv.dll
c:\windows\system32\svcnost .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xp pro\pbcii.exe
c:\windows\system32\inmpsid.exe
c:\windows\system32\iqvoqv.dll
c:\windows\system32\svcnost .exe

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 12:34 . 2009-04-27 12:34 -------- d-----w c:\documents and settings\xp pro\Application Data\Malwarebytes
2009-04-27 12:34 . 2009-04-27 12:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 12:31 . 2009-04-27 12:31 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 11:34 . 2009-04-27 11:34 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-27 11:34 . 2009-04-27 11:34 -------- d-----w c:\program files\Lavasoft
2009-04-27 11:34 . 2009-04-27 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-27 08:09 . 2009-04-27 08:09 -------- d-----w c:\program files\GameHouse
2009-04-27 08:07 . 2009-04-27 08:07 17408 ----a-w C:\psapi.dll
2009-04-27 07:49 . 2009-04-27 07:49 29170931 ----a-w c:\windows\system32\xa224354343.exe
2009-04-27 07:49 . 2009-04-27 07:49 29170931 ----a-w c:\windows\system32\xa224352843.exe
2009-04-24 13:19 . 2009-04-24 13:19 -------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-04-19 22:28 . 2009-04-24 16:42 -------- d-----w c:\program files\Registry Clean Expert
2009-04-19 20:41 . 2009-04-19 20:41 -------- d-----w c:\program files\ESET
2009-04-19 20:41 . 2009-04-19 20:41 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-19 11:58 . 2009-04-19 22:15 -------- d-----w c:\program files\Dc++ klient
2009-04-18 17:39 . 2009-04-18 17:39 -------- d-----w c:\program files\Gekko Mahjongg (Xmas edition)
2009-04-17 11:56 . 2009-04-17 11:56 -------- d-----w c:\program files\Xvid
2009-04-17 11:56 . 2008-12-13 18:01 77824 ----a-w c:\windows\system32\xvid.ax
2009-04-17 11:56 . 2009-04-17 11:56 -------- d-----w c:\program files\FDRLab
2009-04-17 11:55 . 2009-04-17 11:55 -------- d-----w c:\program files\YouTube Downloader
2009-04-17 08:57 . 2009-04-17 09:44 307 ----a-w c:\windows\game.ini
2009-04-16 21:38 . 2007-02-28 11:33 389120 ----a-w c:\windows\system32\actskn43.ocx
2009-04-16 21:38 . 2009-04-16 21:38 -------- d-----w c:\program files\YouTubeRobot
2009-04-16 14:23 . 2009-04-16 14:23 -------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-04-16 04:20 . 2009-04-16 04:20 -------- d-----w c:\documents and settings\xp pro\Application Data\Zylom
2009-04-16 04:20 . 2005-08-03 10:48 389120 ----a-w c:\windows\Adventure Inlay.scr
2009-04-16 04:20 . 2009-04-16 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-04-09 21:26 . 2009-04-16 15:49 -------- d-----w c:\documents and settings\xp pro\Local Settings\Application Data\Conduit
2009-04-09 21:23 . 2009-04-16 15:49 -------- d-----w c:\program files\Conduit
2009-04-09 20:30 . 2009-04-09 20:30 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-09 20:03 . 2009-04-09 20:03 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-02 12:59 . 2009-04-02 12:59 -------- d-----w c:\documents and settings\All Users\Application Data\Egoset

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 19:19 . 2008-07-10 20:25 -------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2009-04-27 15:39 . 2009-01-09 11:26 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-04-24 22:20 . 2009-01-09 19:41 -------- d-----w c:\program files\Luxor 4 - Quest for the Afterlife
2009-04-24 17:30 . 2009-04-06 16:05 6017 ----a-w C:\aaw7boot.log
2009-04-23 13:52 . 2009-01-21 11:36 -------- d-----w c:\program files\The KMPlayer
2009-04-19 22:38 . 2008-07-07 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 19:23 . 2009-02-02 22:18 -------- d-----w c:\documents and settings\xp pro\Application Data\EnchantedCavern
2009-04-16 15:47 . 2008-08-01 20:19 -------- d-----w c:\program files\Empire Interactive
2009-04-11 23:00 . 2008-07-11 10:15 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 20:03 . 2008-10-05 11:13 -------- d-----w c:\program files\UltraISO
2009-04-06 13:32 . 2009-03-26 15:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-26 15:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 23:58 . 2009-02-02 22:15 -------- d-----w c:\program files\Alawar
2009-03-30 16:55 . 2008-07-18 11:04 -------- d-----w c:\program files\Puzzle Express
2009-03-26 17:08 . 2008-11-22 16:54 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 09:19 . 2008-11-05 09:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-25 21:30 . 2009-02-28 21:15 -------- d-----w c:\program files\BFDaily
2009-03-22 16:13 . 2008-07-10 20:25 -------- d-----w c:\program files\uTorrent
2009-03-21 01:24 . 2009-03-21 01:24 -------- d-----w c:\documents and settings\xp pro\Application Data\PipeMania
2009-03-21 01:24 . 2009-03-21 01:24 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-21 01:23 . 2008-07-11 13:30 -------- d-----w c:\program files\Mahjong Medley
2009-02-28 21:15 . 2009-02-09 22:44 -------- d-----w c:\documents and settings\All Users\Application Data\FireGlow
2009-02-28 13:51 . 2009-02-08 19:40 -------- d-----w c:\program files\Perfect Uninstaller
2009-02-27 23:52 . 2009-02-27 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\AWEM
2009-02-27 23:27 . 2009-02-27 23:27 -------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-15 20:43 . 2008-07-07 13:30 18632 ----a-w c:\documents and settings\xp pro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-12 21:46 . 2008-10-14 21:01 81920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2009-01-12 21:46 . 2008-10-14 21:01 47360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2007-07-26 19:00 . 2008-07-07 13:51 23800756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 . 2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

------- Sigcheck -------

[-] 2004-08-04 00:56 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe

[7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 23:14 359040 27A5959C94EE173A063CA06BD14F021A c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 00:56 506368 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe

[-] 2004-08-04 00:56 1034752 EE5372FA8F010786D9B53A19C673CE63 c:\windows\explorer.exe

[-] 2004-08-04 00:56 110592 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\services.exe

[-] 2004-08-04 00:56 14848 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\lsass.exe

[-] 2004-08-04 00:56 58880 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2009-04-19 602872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-27 23052]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2008-7-7 307200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 Lbd;Lbd; [x]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 15:24 41456]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2007-06-29 279552]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-27 953168]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2007-06-29 25984]

.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:42]
.
- - - - ORPHANS REMOVED - - - -

SSODL-lpegfdQJUUah-{24EFF327-8E45-598D-C495-C3FE5C0DFC65} - c:\windows\system32\iqvoqv.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.download3000.com/index.php?start=home
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\RobotExt.ocx/LINK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27} = 89.216.45.193
FF - ProfilePath - c:\documents and settings\xp pro\Application Data\Mozilla\Firefox\Profiles\ftjliinr.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-27 21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{586A8F2C-7720-628A-1D0A-FFF4789DE6D3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgbmbjhdkkafdalk"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"halkdppjcapfhpfh"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"eadhfclbnd"=hex:61,61,00,7c
"eajfbpbcmp"=hex:61,61,00,7c

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A69BA63-A6A3-1087-816D-8AF284205586}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nadfdmhlofdifbmcnjjpcgfhnpge"=hex:6a,61,67,61,66,6d,6b,6b,61,6a,64,69,70,6c,
6c,6f,6e,63,69,65,00,00
"majffmmmejphpbnmikpamopigk"=hex:6a,61,67,61,6a,6d,6f,6d,65,62,69,61,65,69,61,
61,64,6b,61,69,00,00
.
Completion time: 2009-04-27 21:23
ComboFix-quarantined-files.txt 2009-04-27 19:23
ComboFix2.txt 2009-04-27 14:56

Pre-Run: 61.232.533.504 bytes free
Post-Run: 61.218.447.360 bytes free

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

  • Joined: 25 Apr 2006
  • Posts: 46

Not bad. How do I reinstall NOD32 when I don't have an uninstall icon?

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Run the installation file and choose remove...

  • Joined: 25 Apr 2006
  • Posts: 46

It doesn't give me that option.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I don't know what to tell you.. it's unlikely that your problems are caused by malware... What is the state of Ad-Aware..? I'd like to wrap this up, since there are no more signs of active malware here.
