Virus?

  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

Posted: 31 Jul 2009 14:46

Hi, for the past few days Windows has been behaving quite strangely. It changed the fonts on its own (my fonts are bold or italic). Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:35 PM, on 7/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\mspdbsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Documents and Settings\Janki\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: DU Meter.lnk = C:\Program Files\DU Meter\DUMeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8502DD4D-FB55-41C1-B8C9-BFC4D85BCAEE}: NameServer = 10.10.2.79,10.10.2.69,208.67.222.222,208.67.220.220
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6681 bytes

Log from DDS


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2009 8:07:43 PM
System Uptime: 7/31/2009 9:30:14 AM (5 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790FX-DS5
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket M2 | 2310/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 50 GiB total, 11.32 GiB free.
D: is FIXED (NTFS) - 248 GiB total, 5.268 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 300 GiB total, 6.926 GiB free.
G: is FIXED (NTFS) - 296 GiB total, 31.347 GiB free.
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&12D501F&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&12D501F&0&0001
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1A4DCD3437
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1A4DCD3437
Service: NIC1394

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
ALSee
ALTools Update
ALZip
Assassin's Creed
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira Premium Security Suite
BabasChess
BS.Player PRO
Canon iP1900 series Printer Driver
Canon iP1900 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CDDRV_Installer
CPUID HWMonitor 1.14
Crysis(R)
Crystal Reports Basic for Visual Studio 2008
Dead Space™
Deep Rybka 3
DotAzilla
DU Meter
Foxit PDF Editor
Foxit Reader
Gigabyte Raid Configurer
HD Tach version 3
HijackThis 2.0.2
i-Cool
ICQ6.5
Inkjet Printer/Scanner Extended Survey Program
Java(TM) 6 Update 14
K-Lite Codec Pack 4.5.3 (Full)
KhalInstallWrapper
Logitech SetPoint
Logitech Updater
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Mozilla Firefox (3.5.1)
MSXML 6.0 Parser
Need for Speed™ ProStreet
Nero 7 Premium
Orbit Downloader
PunkBuster Services
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RivaTuner v2.24
Total Commander (Remove or Repair)
TuneUp Utilities 2008
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Warcraft III: All Products
WebFldrs XP
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8-) Processor (05/27/2006 1.3.2.0)
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/30/2009 6:08:26 PM, error: Service Control Manager [7034] - The SecureSrv service terminated unexpectedly. It has done this 2 time(s).
7/30/2009 6:08:16 PM, error: Service Control Manager [7034] - The SecureSrv service terminated unexpectedly. It has done this 1 time(s).
7/30/2009 1:07:25 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
7/27/2009 10:00:43 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PVC-322DCE3512F that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8502DD4D-FB5. The master browser is stopping or an election is being forced.
7/26/2009 8:33:39 PM, error: ipnathlp [31002] - The DNS proxy agent was unable to bind to the IP address 192.168.70.1. This error may indicate a problem with TCP/IP networking. The data is the error code.
7/26/2009 7:57:28 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
7/26/2009 7:57:22 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
7/26/2009 7:57:20 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
7/25/2009 4:50:16 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.70.1, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
7/25/2009 10:02:39 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.210.48. The machine with the IP address 192.168.210.102 did not allow the name to be claimed by this machine.
7/24/2009 6:23:42 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {EF3311EB-539B-4254-B669-6532457D7060} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================

Addendum: 31 Jul 2009 14:48

DDS (Ver_09-07-30.01) - NTFSx86
Run by Janki at 14:43:55.29 on Fri 07/31/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1386 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Documents and Settings\Janki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24\RivaTuner.exe" /T
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dumete~1.lnk - c:\program files\du meter\DUMeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {8502DD4D-FB55-41C1-B8C9-BFC4D85BCAEE} = 10.10.2.79,10.10.2.69,208.67.222.222,208.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\janki\applic~1\mozilla\firefox\profiles\gx9ml7vi.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-7-26 97608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-26 11608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\avira\antivir desktop\avfwsvc.exe [2009-7-26 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-7-26 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-26 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-7-26 434945]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-26 55640]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2009-7-2 1386008]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-7-26 69632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-27 1684736]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-12 12672]

=============== Created Last 30 ================

2009-07-30 13:22 7,168 a---h--- c:\windows\explorer.suo
2009-07-30 13:22 611 a------- c:\windows\explorer.sln
2009-07-28 10:37 <DIR> --d----- c:\program files\BabasChess
2009-07-27 21:15 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0eee96a83cb6.mof
2009-07-27 18:54 <DIR> --d----- c:\windows\Left 4 Dead
2009-07-26 20:33 97,608 a------- c:\windows\system32\drivers\avfwot.sys
2009-07-26 20:33 69,632 a------- c:\windows\system32\drivers\avfwim.sys
2009-07-26 20:33 <DIR> --d----- c:\program files\Avira
2009-07-26 19:10 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-26 18:16 <DIR> --d----- c:\windows\system32\js
2009-07-26 18:16 <DIR> --d----- c:\windows\system32\images
2009-07-26 18:16 <DIR> --d----- c:\windows\system32\html
2009-07-26 18:16 <DIR> --d----- c:\program files\Business Objects
2009-07-26 18:16 <DIR> --d----- c:\windows\system32\css
2009-07-26 18:13 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-26 18:13 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-07-26 18:12 <DIR> --d----- c:\program files\Microsoft Device Emulator
2009-07-26 18:12 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
2009-07-26 18:11 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-07-26 18:11 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-07-26 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2009-07-26 18:04 <DIR> --d----- c:\program files\HTML Help Workshop
2009-07-26 18:04 <DIR> --d----- c:\program files\common files\Merge Modules
2009-07-26 18:04 <DIR> --d----- c:\program files\CE Remote Tools
2009-07-26 18:03 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-07-26 03:45 110,080 a------- c:\windows\system32\nLame.dll
2009-07-26 03:45 23,040 a------- c:\windows\system32\auth.dll
2009-07-26 03:31 <DIR> --d----- c:\program files\AviSynth 2.5
2009-07-26 03:28 <DIR> --d----- c:\docume~1\janki\applic~1\River Past G5
2009-07-26 03:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
2009-07-24 00:35 669,184 a------- c:\windows\system32\pbsvc.exe
2009-07-23 23:50 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-07-23 23:50 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-23 23:50 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-07-23 23:39 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-22 23:11 <DIR> --d----- c:\docume~1\janki\applic~1\Hide IP NG
2009-07-22 23:06 163,840 a------- c:\windows\system32\SecureNet.dll
2009-07-22 23:06 <DIR> --d----- c:\program files\Hide My IP 2009
2009-07-22 04:42 69 a------- c:\windows\NeroDigital.ini
2009-07-21 23:35 <DIR> --d----- c:\program files\common files\Logitech
2009-07-21 22:56 <DIR> --d----- c:\program files\dW3gParser
2009-07-21 15:49 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-21 15:45 <DIR> --d----- c:\program files\Nero
2009-07-21 02:46 46 a------- c:\windows\nfsc_patch.ini
2009-07-17 16:11 <DIR> --d----- c:\documents and settings\janki\EurekaLog
2009-07-12 14:54 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-07-12 14:54 <DIR> --d----- c:\program files\CPUID
2009-07-11 01:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-11 01:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-11 01:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-11 01:51 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-11 01:51 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-07-11 01:51 170,512 a------- c:\windows\system32\kemutb.dll
2009-07-11 01:51 145,936 a------- c:\windows\system32\KemUtil.dll
2009-07-11 01:51 117,264 a------- c:\windows\system32\KemWnd.dll
2009-07-11 01:51 84,496 a------- c:\windows\system32\KemXML.dll
2009-07-07 20:19 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-07 18:56 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-07-07 18:56 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-07-07 18:56 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-07-07 18:56 <DIR> --d----- c:\windows\Logs
2009-07-07 00:54 <DIR> --d----- c:\docume~1\janki\applic~1\ChessBase
2009-07-07 00:53 <DIR> --d----- c:\program files\common files\ChessBase
2009-07-07 00:52 <DIR> --d----- c:\program files\ChessBase
2009-07-06 21:05 <DIR> --d----- c:\docume~1\janki\applic~1\Ubisoft
2009-07-06 21:02 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-07-06 21:02 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2009-07-06 21:02 444,776 a------- c:\windows\system32\d3dx10_36.dll
2009-07-06 21:02 267,272 a------- c:\windows\system32\xactengine2_10.dll
2009-07-06 20:57 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-06 20:52 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-07-06 16:27 520 a------- c:\windows\ODBC.INI
2009-07-06 16:27 17,920 a------- c:\windows\system32\mdimon.dll
2009-07-06 16:27 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-06 16:26 <DIR> --d----- c:\windows\SHELLNEW
2009-07-06 00:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-06 00:26 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-04 11:05 <DIR> --d----- c:\program files\DotAzilla
2009-07-04 10:57 78,201 a------- c:\windows\War3Unin.dat
2009-07-04 10:57 139,264 a------- c:\windows\War3Unin.exe
2009-07-04 10:57 2,829 a------- c:\windows\War3Unin.pif
2009-07-03 20:58 <DIR> --d-h--- c:\windows\Icons
2009-07-02 22:09 <DIR> --d----- c:\windows\system32\Adobe
2009-07-02 21:28 <DIR> --d----- C:\Downloads
2009-07-02 21:28 <DIR> --d----- c:\program files\Orbitdownloader
2009-07-02 20:45 <DIR> --d----- c:\program files\CCleaner
2009-07-02 20:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-07-02 20:44 <DIR> --d----- c:\program files\DU Meter
2009-07-02 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ESTsoft
2009-07-02 18:31 49,664 a------- c:\windows\system32\atimpc32.dll
2009-07-02 12:59 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-07-02 02:10 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-07-26 20:24 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 19:49 4,125,696 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-07-02 19:25 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-07-02 19:24 335,872 a------- c:\windows\system32\ati2dvag.dll
2009-07-02 19:07 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-07-02 19:06 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-07-02 19:05 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-07-02 19:05 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-07-02 19:05 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-07-02 19:05 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-07-02 19:04 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-07-02 19:02 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-07-02 18:56 3,014,272 a------- c:\windows\system32\ati3duag.dll
2009-07-02 18:54 11,698,176 a------- c:\windows\system32\atioglxx.dll
2009-07-02 18:44 2,139,904 a------- c:\windows\system32\ativvaxx.dll
2009-07-02 18:44 887,724 a------- c:\windows\system32\ativva6x.dat
2009-07-02 18:31 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-07-02 18:28 487,424 a------- c:\windows\system32\atikvmag.dll
2009-07-02 18:27 45,056 a------- c:\windows\system32\aticalrt.dll
2009-07-02 18:26 45,056 a------- c:\windows\system32\aticalcl.dll
2009-07-02 18:26 151,552 a------- c:\windows\system32\atiadlxx.dll
2009-07-02 18:26 17,408 a------- c:\windows\system32\atitvo32.dll
2009-07-02 18:25 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-07-02 18:25 3,248,128 a------- c:\windows\system32\aticaldd.dll
2009-07-02 18:24 376,832 a------- c:\windows\system32\atiok3x2.dll
2009-07-02 18:20 651,264 a------- c:\windows\system32\ati2cqag.dll
2009-07-02 13:06 15,600 a------- c:\windows\gdrv.sys
2009-07-02 12:12 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-27 01:33 306,432 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-26 20:20 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-26 20:02 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-18 21:29 197,654 a------- c:\windows\system32\atiicdxx.dat
2009-06-04 13:37 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-11 23:35 118,784 a------- c:\windows\system32\atibtmon.exe

============= FINISH: 14:44:08.32 ===============

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello

The logs are clean; there are no traces of malware in them.

offline
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

Thanks for the review...
Is there any chance that I have spyware?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

There are no indications of any kind of malware, and that includes spyware.

As for your problem, look for advice in the Windows forum.

offline
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

Is it normal for Windows Explorer to make 4k connections (I noticed it by chance when I turned on Avira's firewall)?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Regarding the firewall question... yes, it is normal.

Your first problem, with the fonts, can have several causes:

You may have accidentally deleted the default Windows System Font;

You may have changed something in the settings - Start>Control Panel>Display>Appearance>Advanced;

In any case, the problems you have on your computer are not related to malware, spyware or any other kind of infection.

For all further questions, open a topic in the appropriate forum and ask there.

offline
  • Joined: 28 May 2006
  • Posts: 1536
  • Location: Seven holy paths to hell

I solved the Explorer issue... those connections were being made by update.exe in RECYCLER on the boot partition.
