Log check

  • Joined: 15 Mar 2008
  • Posts: 16

Please check my log. AVG and Ad-Aware found some trojans, i.e. Vundo, so I'd like to see whether I've gotten rid of them. The computer was slow, but even after I "supposedly" deleted them it takes a long time to boot and the icons open slowly. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:37, on 23.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\anavalic\Desktop\bezveze\bezveze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....6631515133
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....6632630148
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC831896-4C65-4CAE-B516-65296ABE026C}: NameServer = 195.29.150.3,195.29.150.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6727 bytes
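Reading a HijackThis log like the one above is mostly a matter of sorting entries into a few buckets before looking anything up. The Python script below is an added example (not part of the forum post and not HijackThis's own tooling) that does that first pass over an excerpt of the log above: it flags running processes and autostart entries (O2/O3/O4/O20) that point outside the Windows and Program Files directories, orphaned entries that end in "(no file)", the hosts ActiveX controls were downloaded from (O16), the configured DNS servers (O17) so they can be compared with the resolvers the machine should be using, and Winlogon Notify DLLs (O20). The `[updater]` O4 line in the sample is constructed to show what a hit looks like and is not in the posted log; the `expected_dns` list is an assumption the caller supplies.

```python
"""First-pass triage of a HijackThis (HJT) log.

Added example; not part of the forum post and not HijackThis's own tooling.
"""
import re
from collections import defaultdict

# Where legitimately installed software normally lives on Windows XP. A process
# or autostart pointing elsewhere (user profile, Desktop, Temp) gets flagged for
# a closer look; a flag is a prompt to verify the file, not a verdict.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Excerpt of the log posted above. The "[updater]" O4 line is CONSTRUCTED for
# illustration and is not in the real log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\anavalic\Desktop\bezveze\bezveze.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\anavalic\Application Data\updater.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC831896-4C65-4CAE-B516-65296ABE026C}: NameServer = 195.29.150.3,195.29.150.4
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt(text):
    """Split a log into the running-process list and (kind, body) entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def module_path(kind, body):
    """Best-effort extraction of the file an entry points at ("" if none)."""
    if kind == "O4":
        m = re.search(r"\] (.*)$", body)
        path = m.group(1) if m else ""
    else:
        path = body.rsplit(" - ", 1)[-1]
    path = path.strip()
    if path.startswith('"'):  # quoted path followed by switches, e.g. "...\cfp.exe" -h
        path = path[1:].split('"', 1)[0]
    return path


def outside_trusted(path):
    return bool(path) and not path.lower().startswith(TRUSTED_PREFIXES)


def triage(text, expected_dns=None):
    """Return {finding: [items]} for the checks a first read of an HJT log covers.

    expected_dns: the resolvers the machine should be using (an assumption the
    caller supplies, e.g. the ISP's); None skips the comparison.
    """
    processes, entries = parse_hjt(text)
    findings = defaultdict(list)
    for proc in processes:
        if outside_trusted(proc):
            findings["process_outside_system_dirs"].append(proc)
    for kind, body in entries:
        if body.endswith("(no file)"):  # registry points at a deleted file: safe to fix
            findings["orphaned_entry"].append(f"{kind} - {body}")
            continue
        if kind == "O16":  # ActiveX control downloaded from this host
            target = re.sub(r"^https?://", "", body.rsplit(" - ", 1)[-1])
            findings["activex_download_host"].append(target.split("/", 1)[0])
        elif kind == "O17":  # per-interface DNS servers
            m = re.search(r"NameServer = (.+)$", body)
            servers = [s.strip() for s in m.group(1).split(",")] if m else []
            findings["dns_server"].extend(servers)
            if expected_dns is not None:
                unexpected = sorted(set(servers) - set(expected_dns))
                if unexpected:
                    findings["unexpected_dns_server"].extend(unexpected)
        elif kind in ("O2", "O3", "O4", "O20"):  # BHOs, toolbars, Run keys, Winlogon Notify
            if kind == "O20":
                findings["winlogon_notify"].append(body)
            if outside_trusted(module_path(kind, body)):
                findings["autostart_outside_system_dirs"].append(f"{kind} - {body}")
    return dict(findings)


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(finding)
        for item in items:
            print("   ", item)
```

On the excerpt this picks out the two "(no file)" leftovers (Yahoo! Toolbar, DAEMON Tools Toolbar), the program started from the user's Desktop (`bezveze.exe`, about which the log says nothing else), the constructed `[updater]` entry, the emsisoft download host and the two DNS servers. None of those is a verdict; the flagged files still need to be checked (publisher signature, hash lookup), and the DNS servers compared against what the ISP actually hands out.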

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello...

Do the following:

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select Perform Quick Scan and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, check all the items and click Remove Selected.

When that finishes, the logfile will open in Notepad; copy it into this thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Also, after all of that, please post a fresh HijackThis logfile.

  • Joined: 15 Mar 2008
  • Posts: 16

Malwarebytes Anti-Malware, now as before, found nothing. Ad-Aware found something and asked for a restart, but I can't find the log of that scan. Something called Nircmd was mentioned, and AVG found BackDoor.Sdbot4.GSD, Generic10.PTN, Generic10.OSZ, SHeur2.OLI, and that in System Volume Information. I think I deleted them. I'll try scanning once more and we'll see whether it finds anything.
Thanks

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

So that we don't waste time guessing, do the following:

Temporarily disable AVG and Ad-Watch;

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 15 Mar 2008
  • Posts: 16

I'll die of embarrassment, but however I try to disable AVG, I can't manage it. ComboFix reports that it's running. How do I disable it?

Update: 24 Feb 2009 16:16

There, I managed it. ComboFix reported that I don't have the Windows Recovery Console; I downloaded that, and here's the log. I hope it's OK.

ComboFix 09-02-21.01 - anavalic 2009-02-24 16:00:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.950 [GMT 1:00]
Running from: c:\documents and settings\anavalic\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CmdLineExt.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2014-07-31 00:01 . 2014-07-31 00:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-02-23 20:55 . 2009-01-30 22:49 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-23 18:23 . 2009-02-23 18:23 <DIR> d-------- c:\program files\COMODO
2009-02-23 18:23 . 2009-02-23 19:27 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
2009-02-23 18:23 . 2009-02-23 18:23 155,384 --a------ c:\windows\system32\guard32.dll
2009-02-23 18:23 . 2009-02-23 18:23 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-02-23 18:23 . 2009-02-23 18:23 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-02-19 22:46 . 2009-02-19 22:46 <DIR> d-------- c:\documents and settings\anavalic\Application Data\Windows Desktop Search
2009-02-19 22:14 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-19 22:04 . 2009-02-19 22:04 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-19 22:04 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-19 22:00 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-19 21:59 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-19 21:59 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-19 21:59 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-19 21:59 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-19 21:59 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-19 21:59 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-19 21:59 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-19 21:57 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-19 21:56 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-19 20:14 . 2009-02-20 14:54 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-19 19:46 . 2009-02-24 15:42 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-19 19:46 . 2009-02-20 08:38 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-19 19:46 . 2009-02-20 08:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-19 19:45 . 2009-02-19 19:45 <DIR> d-------- c:\program files\AVG
2009-02-19 19:45 . 2009-02-20 08:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-02-16 17:03 . 2009-02-16 17:03 <DIR> d-------- c:\program files\TryMedia
2009-02-15 09:30 . 2009-02-15 09:55 37,473 --a------ c:\windows\system32\muzika.xm
2009-02-14 20:12 . 2009-02-14 20:12 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-02-14 20:03 . 2009-02-14 20:11 <DIR> d-------- c:\program files\PopCap Games
2009-02-14 17:21 . 2009-02-14 17:22 <DIR> d-------- c:\documents and settings\anavalic\Application Data\PowerRangers
2009-02-14 16:38 . 2009-02-14 16:38 <DIR> d-------- c:\program files\Disney Interactive
2009-02-08 17:34 . 2009-02-08 17:34 <DIR> d-------- c:\program files\Activision Value
2009-02-08 17:10 . 2009-02-08 17:10 <DIR> d-------- c:\program files\Fox
2009-02-08 16:58 . 2009-02-08 16:58 <DIR> d-------- c:\program files\Infogrames
2009-02-08 16:25 . 2009-02-08 16:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Knowledge Adventure
2009-02-08 15:19 . 2009-02-08 15:19 <DIR> d-------- c:\documents and settings\anavalic\WINDOWS
2009-02-08 15:18 . 2009-02-08 15:18 86 --a------ c:\windows\pipo.INI
2009-02-08 15:14 . 2009-02-08 15:14 <DIR> d-------- c:\program files\Compedia
2009-02-08 15:14 . 1996-02-14 14:01 92,208 --------- c:\windows\system\Wing.dll
2009-02-08 15:14 . 1998-09-02 12:43 81,920 --------- c:\windows\system32\LZSCMPRS.DLL
2009-02-08 15:14 . 1998-03-26 15:25 12,800 --------- c:\windows\system32\Wing32.dll
2009-02-08 15:14 . 2009-02-08 15:14 187 --a------ c:\windows\compedia.ini
2009-02-08 15:13 . 2009-02-08 15:13 <DIR> d-------- c:\documents and settings\anavalic\Application Data\InterTrust
2009-02-08 15:08 . 2009-02-08 15:08 <DIR> d-------- c:\program files\Common Files\Knowledge Adventure
2009-02-08 15:08 . 2009-02-08 15:08 <DIR> d-------- c:\program files\Blaster
2009-02-08 15:08 . 2009-02-08 15:08 83 --a------ c:\windows\ka.ini
2009-02-08 14:37 . 2009-02-08 14:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Winter Sports 2009
2009-02-08 14:36 . 2009-02-08 14:36 <DIR> d-------- c:\program files\ProtectDisc Driver Installer
2009-02-08 14:36 . 2009-02-08 14:36 <DIR> d-------- c:\documents and settings\anavalic\Application Data\ProtectDisc
2009-02-08 14:31 . 2009-02-08 14:34 <DIR> d-------- c:\program files\RTL Winter Sports 2009
2009-02-08 10:27 . 2009-02-08 10:27 <DIR> d-------- c:\documents and settings\anavalic\Application Data\Leadertech
2009-02-08 10:26 . 2009-02-14 16:39 1,430 --a------ c:\windows\disney.ini
2009-02-07 20:19 . 2009-02-07 20:19 23 --a------ c:\windows\BlendSettings.ini
2009-02-06 16:50 . 2009-02-07 16:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Firefly Studios
2009-02-04 12:35 . 2009-02-04 12:35 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-04 12:35 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll
2009-02-04 12:35 . 2008-03-16 14:30 216,064 -r-hs---- c:\windows\system32\nbDX.dll
2009-02-04 12:35 . 2005-02-22 17:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax
2009-02-04 12:35 . 2007-02-21 12:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll
2009-02-04 12:34 . 2009-02-04 12:34 <DIR> d-------- c:\program files\eRightSoft
2009-02-04 11:54 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-04 11:54 . 2008-04-13 20:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-02-04 11:51 . 2009-02-04 11:51 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-04 11:51 . 2009-02-04 11:51 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-03 11:29 . 2009-02-14 16:38 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-03 11:29 . 2009-02-03 11:29 1,409 --a------ c:\windows\QTFont.for
2009-01-26 14:48 . 2009-01-26 14:48 <DIR> d-------- c:\windows\system32\QuickTime
2009-01-26 14:48 . 2009-01-26 14:49 <DIR> d-------- c:\program files\QuickTime
2009-01-26 14:48 . 2009-01-26 14:48 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\QuickTime
2009-01-26 14:48 . 1999-11-10 12:05 86,016 --a------ c:\windows\unvise32qt.exe
2009-01-24 23:23 . 2009-01-24 23:23 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d-------- c:\program files\Lavasoft
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d--h-c--- c:\documents and settings\All Users.WINDOWS\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 12:55 . 2009-02-20 00:14 <DIR> d-------- c:\program files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 18:46 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-21 12:31 --------- d-----w c:\program files\CheboMan
2009-02-21 09:47 --------- d-----w c:\program files\Gutterball 2
2009-02-19 21:45 --------- d-----w c:\program files\Windows Desktop Search
2009-02-19 21:38 --------- d-----w c:\program files\Winamp
2009-02-19 21:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-19 21:06 --------- d-----w c:\program files\Windows Live
2009-02-19 19:54 --------- d-----w c:\documents and settings\anavalic\Application Data\Uniblue
2009-02-19 19:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2009-02-18 21:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-18 15:21 --------- d-----w c:\documents and settings\anavalic\Application Data\uTorrent
2009-02-15 17:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 09:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 12:57 --------- d-----w c:\documents and settings\anavalic\Application Data\DAEMON Tools Pro
2009-02-07 17:03 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-06 19:03 --------- d-----w c:\program files\Fab Fashion
2009-02-05 17:26 --------- d-----w c:\program files\Hawaiian Explorer Pearl Harbor
2009-01-24 11:48 --------- d-----w c:\program files\Kaspersky Lab
2009-01-18 08:23 --------- d-----w c:\program files\Holiday Gift
2009-01-17 18:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-01-10 22:47 --------- d-----w c:\program files\Yahoo!
2009-01-10 15:25 --------- d-----w c:\program files\Hidden Relics
2009-01-10 10:56 --------- d-----w c:\documents and settings\anavalic\Application Data\Abra Academy2
2009-01-07 06:36 --------- d-----w c:\program files\Dr Daisy Pet Vet
2009-01-07 06:26 --------- d-----w c:\documents and settings\anavalic\Application Data\PlayFirst
2009-01-07 06:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2009-01-05 16:50 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\CaveDays
2009-01-05 16:49 --------- d-----w c:\program files\Cave Days
2009-01-05 16:40 --------- d-----w c:\program files\Cindys Sundaes
2009-01-05 09:30 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo
2009-01-05 09:29 --------- d-----w c:\program files\Fashion Fits
2009-01-04 17:46 --------- d-----w c:\documents and settings\anavalic\Application Data\ViquaSoft
2009-01-04 17:09 --------- d-----w c:\program files\Diner Dash Hometown Hero
2009-01-03 16:28 --------- d-----w c:\program files\Amazing Adventures The Lost Tomb
2009-01-02 20:00 --------- d-----w c:\program files\BiP media
2009-01-02 19:31 --------- d-----w c:\documents and settings\anavalic\Application Data\DAEMON Tools Lite
2009-01-02 19:27 --------- d-----w c:\documents and settings\anavalic\Application Data\DAEMON Tools
2009-01-02 19:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2009-01-02 19:21 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-02 13:09 --------- d-----w c:\program files\Baby Luv
2009-01-02 11:46 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AlawarWrapper
2008-12-30 13:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Farm Frenzy
2008-12-29 20:32 --------- d-----w c:\documents and settings\anavalic\Application Data\Alawar
2008-12-24 13:06 --------- d-----w c:\documents and settings\anavalic\Application Data\AdobeUM
2008-09-06 21:08 382,352 ----a-w c:\documents and settings\anavalic\jre-6u7-windows-i586-p-iftw.exe
2008-06-22 22:40 3,953,462 ----a-w c:\program files\ffdshow-rev2019_20080622_xxl.exe
1998-04-26 23:00 570,128 ----a-w c:\program files\DAO350.DLL
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-07-26 15:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072620080727\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-30 509784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-26 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-20 1601304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-02-23 1850616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-20 08:38 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54885:TCP"= 54885:TCP:utorrent
"54885:UDP"= 54885:UDP:utorrent
"61111:TCP"= 61111:TCP:utor

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-19 325128]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-02-23 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-02-23 24336]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-19 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-10-02 31504]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 22:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DC831896-4C65-4CAE-B516-65296ABE026C} = 195.29.150.3,195.29.150.4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-24 16:03:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688-)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\guard32.dll
.
Completion time: 2009-02-24 16:04:57
ComboFix-quarantined-files.txt 2009-02-24 15:04:54
ComboFix2.txt 2008-09-20 01:12:07

Pre-Run: 12,796,854,272 bytes free
Post-Run: 12,785,590,272 bytes free

233 --- E O F --- 2008-07-24 00:22:15
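A ComboFix report packs several things a helper reads before calling a log clean: the "Files Created" timeline, the registry loading points (including the Security Center and Windows Firewall policy keys), and the driver/service list. The Python script below is an added example, not ComboFix's code and not part of the forum post, that parses an excerpt of the report above and flags: a created timestamp later than the report date (the ESET folder dated 2014 in a 2009 report), files in system32 carrying both the hidden and system attributes, Security Center notification-suppression values, a disabled Windows Firewall profile, globally opened ports, and services whose binary is missing (`[?]`). Each of those can have a benign explanation on this machine (the report itself lists a third-party firewall and AV suite, uTorrent is in the firewall exception list, and a driver entry whose file is gone is typically a leftover of an uninstalled product), which is why the output is a list of items to verify rather than a verdict.

```python
"""First-pass triage of a ComboFix report: timeline, registry loading points, services.

Added example; not ComboFix's code and not from the forum post.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Files Created" line: <created> . <modified> <size|<DIR>> <attributes> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$"
)
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICE_MISSING_RE = re.compile(r"^[RS]\d ([^;]+);.*\[\?\]$")
HEADER_RE = re.compile(r"^ComboFix .*? (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}")

# Lines excerpted from the ComboFix report posted above (not constructed).
SAMPLE_REPORT = r"""
ComboFix 09-02-21.01 - anavalic 2009-02-24 16:00:23.1 - NTFSx86
2014-07-31 00:01 . 2014-07-31 00:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-02-23 18:23 . 2009-02-23 18:23 155,384 --a------ c:\windows\system32\guard32.dll
2009-02-04 12:35 . 2008-03-16 14:30 216,064 -r-hs---- c:\windows\system32\nbDX.dll
2009-02-04 12:35 . 2007-02-21 12:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54885:TCP"= 54885:TCP:utorrent
"61111:TCP"= 61111:TCP:utor
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""


def triage_combofix(text):
    """Return {finding: [items]} for the checks a first read of a ComboFix report covers."""
    findings = defaultdict(list)
    report_date = None
    section = ""  # the most recent [registry key] header, lower-cased
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            report_date = datetime.strptime(m.group(1), "%Y-%m-%d")
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            attrs, path = m.group(4), m.group(5)
            # A creation time after the day the report was made is a clock or
            # tampering question worth asking.
            if report_date and created > report_date + timedelta(days=1):
                findings["timestamp_after_report"].append(path)
            # Hidden + system attributes on a file dropped into system32 is a
            # classic way to keep a DLL out of sight in Explorer.
            if "h" in attrs and "s" in attrs and path.lower().startswith("c:\\windows\\system32\\"):
                findings["hidden_system_file_in_system32"].append(path)
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if "security center" in section and name.endswith("DisableNotify") and value.endswith("1"):
                findings["security_center_notification_suppressed"].append(name)
            elif name == "EnableFirewall" and value.startswith("0"):
                findings["windows_firewall_disabled"].append(section)
            elif "globallyopenports" in section:
                findings["globally_open_port"].append(name)
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings["service_binary_missing"].append(m.group(1))
    return dict(findings)


if __name__ == "__main__":
    for finding, items in triage_combofix(SAMPLE_REPORT).items():
        print(finding)
        for item in items:
            print("   ", item)
```

For the report above this produces six groups to verify, not six problems: the Security Center values and the disabled Windows Firewall profile are what you expect when a third-party AV and firewall are installed, the two open TCP ports are labelled as uTorrent's, and the `[?]` drivers simply have no file on disk. The 2014-dated ESET folder and the two hidden system DLLs in system32 are the ones worth a minute of attention, and the script tells you where to spend it.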

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

grobnik :: I'll die of embarrassment, but however I try to disable AVG, I can't manage it. ComboFix reports that it's running. How do I disable it?

There's nothing to be embarrassed about... I'm the one who should have explained that to you.

The log is clean, which means your anti-malware programs did their job well and cut our time together here short.

Just do this one more thing:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

  • Joined: 15 Mar 2008
  • Posts: 16

Done. Thanks for the help.
