ne radi mi interent

1

ne radi mi interent

offline
  • sense 
  • Novi MyCity građanin
  • Pridružio: 28 Jun 2008
  • Poruke: 13

verovatno mi je nesto uslo nako brisanja nod32.

internet uopste ne radi, medjutim u safe mode/u radi.

evo hijackthis loga, uradio sam ga u safe modu

Logfile of HijackThis v1.99.1
Scan saved at 22:51, on 2009-02-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
D:\Programi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4706848843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4056282546
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AutoShutdown Service (AutoShutdown) - Barefoot Productions, Inc. - C:\PROGRA~1\AUTOSH~1\AS_Service.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9427e290dcb1e) (gupdate1c9427e290dcb1e) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: WMI System App (WMISYS) - WMI Managment - C:\WINDOWS\system\wmisys.exe


hvala unapred na pomoci Smile

Dopuna: 15 Feb 2009 23:45

jos samo da dodam da mi i opera baguje.

evo loga koji nije radjen u safe mode-u ako vam znaci

Logfile of HijackThis v1.99.1
Scan saved at 22:59:54, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\AUTOSH~1\AS_Service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Documents and Settings\Sasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Installer] C:\DOCUME~1\Sasa\LOCALS~1\Temp\ieC26.tmp
O4 - HKCU\..\Run: [Intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4706848843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4056282546
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AutoShutdown Service (AutoShutdown) - Barefoot Productions, Inc. - C:\PROGRA~1\AUTOSH~1\AS_Service.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9427e290dcb1e) (gupdate1c9427e290dcb1e) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: WMI System App (WMISYS) - WMI Managment - C:\WINDOWS\system\wmisys.exe

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

PoZzz

Ovde imamo jedan problem..

Imas dva Aktivna Antivirus programa...

Nod ili Avira-odluci se

offline
  • sense 
  • Novi MyCity građanin
  • Pridružio: 28 Jun 2008
  • Poruke: 13

nema mi noda u add and remove takodje ni u your uninstalleru

Dopuna: 16 Feb 2009 0:33

Sad Sad Sad Sad Sad

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Hmmm... nod je prilicno aktivan na tvom sistemu...

Aj da stopiramo Aviru :

Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

Zatim, Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • sense 
  • Novi MyCity građanin
  • Pridružio: 28 Jun 2008
  • Poruke: 13

evo loga

ComboFix 09-02-15.01 - Sasa 2009-02-16 0:47:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.102 [GMT 1:00]
Running from: D:\C-F.exe
AV: 3.0 *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
.
/wow section - STAGE 41
The system cannot find the path specified.
The system cannot find the path specified.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sasa\Application Data\inst.exe
c:\program files\system\smss.exe.assembly
c:\windows\prefs_bg.dll
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NFR.SYS


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-16 00:32 . 2009-02-16 00:32 162,304 -r-hs---- c:\windows\system32\txsocm32.dll
2009-02-16 00:32 . 2009-02-16 00:32 39,936 -r-hs---- c:\windows\system32\frnscli32.dll
2009-02-16 00:27 . 2009-02-16 00:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\URSoft
2009-02-15 22:16 . 2009-02-15 22:33 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-15 22:16 . 2009-02-15 22:17 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-15 22:16 . 2009-02-15 22:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-15 22:16 . 2009-02-15 22:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PC Tools
2009-02-15 22:16 . 2008-07-16 10:43 160,648 --a------ c:\windows\system32\drivers\pctfw2.sys
2009-02-15 22:16 . 2008-06-10 21:22 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-15 22:16 . 2008-06-02 15:19 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-15 22:16 . 2008-06-02 15:19 42,376 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-15 22:16 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-15 22:09 . 2009-02-15 22:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-15 20:32 . 2009-02-15 20:32 <DIR> d-------- c:\documents and settings\Sasa\Application Data\Avira
2009-02-15 20:16 . 2009-02-15 20:16 <DIR> d-------- c:\program files\Avira
2009-02-15 20:16 . 2009-02-16 00:45 3 --a------ c:\windows\switch.inf
2009-02-15 19:22 . 2009-02-15 20:01 1,551,904 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-15 19:22 . 2009-02-15 19:32 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-15 19:22 . 2009-02-15 20:01 14,252 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-15 19:22 . 2009-02-15 19:32 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-15 18:48 . 2009-02-15 18:47 591,872 -r-hs---- c:\windows\system\wmisys.exe
2009-02-15 17:28 . 2009-02-15 17:28 4,036 --ah----- C:\aaw7boot.cmd
2009-02-15 16:55 . 2009-02-15 16:54 464,896 -r-hs---- c:\windows\wciactrl.exe
2009-02-15 15:58 . 2009-02-15 17:36 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 15:18 . 2009-02-15 15:46 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-15 15:09 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-13 23:34 . 2009-02-16 00:48 <DIR> d-------- c:\program files\system
2009-02-13 22:39 . 2009-02-13 22:39 <DIR> d-------- c:\documents and settings\Nino\Application Data\Malwarebytes
2009-02-13 22:33 . 2009-02-13 22:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-13 22:26 . 2004-08-04 13:00 24,576 --a------ c:\windows\system32\stu2.exe
2009-02-13 21:25 . 2009-02-13 21:25 <DIR> d-------- c:\documents and settings\Sasa\Application Data\Sunbelt
2009-02-13 21:25 . 2009-02-13 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-02-13 21:22 . 2009-02-13 21:22 <DIR> d-------- c:\program files\Sunbelt Software
2009-02-13 17:57 . 2009-02-13 22:46 <DIR> d-------- c:\program files\Camfrog
2009-02-13 17:57 . 2009-02-13 17:57 <DIR> d-------- c:\documents and settings\Sasa\Application Data\Camfrog
2009-02-13 15:46 . 2009-02-13 15:49 <DIR> d-------- c:\program files\Valve
2009-02-12 23:05 . 2009-02-12 23:05 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-12 23:05 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-06 12:17 . 2009-02-06 18:46 687 --a------ c:\windows\SportballChallenge.ini
2009-02-06 10:31 . 2009-02-06 13:23 <DIR> d-------- c:\program files\Bud Redhead
2009-02-06 10:29 . 2009-02-06 10:29 827,392 --a------ c:\windows\system32\FLASH.OCX
2009-02-05 21:17 . 2009-02-05 21:17 <DIR> d-------- c:\program files\Alpha Ball
2009-02-05 17:52 . 2009-02-05 17:52 268 --ah----- C:\sqmdata01.sqm
2009-02-05 17:52 . 2009-02-05 17:52 244 --ah----- C:\sqmnoopt01.sqm
2009-01-31 12:04 . 2009-01-31 12:04 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-26 14:58 . 2009-01-26 14:58 <DIR> d-------- c:\program files\ReflexiveArcade
2009-01-26 14:58 . 2009-01-29 12:27 <DIR> d-------- c:\program files\Professor Fizzwizzle And The Molten Mystery
2009-01-25 23:46 . 2009-02-16 00:54 <DIR> d-------- c:\program files\AutoShutdown

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 23:51 --------- d-----w c:\documents and settings\Sasa\Application Data\uTorrent
2009-02-15 23:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 21:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-15 19:57 --------- d-----w c:\program files\sXe Injected
2009-02-15 19:49 --------- d-----w c:\program files\EarthView
2009-02-15 19:48 --------- d-----w c:\program files\DDORMap
2009-02-15 19:48 --------- d-----w c:\program files\DAEMON Tools
2009-02-15 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-15 16:32 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-15 15:15 --------- d-----w c:\documents and settings\Sasa\Application Data\mIRC
2009-02-15 15:14 --------- d-----w c:\program files\mIRC
2009-02-14 20:46 --------- d-----w c:\program files\Yahoo!
2009-02-14 14:04 --------- d-----w c:\program files\nLite
2009-02-14 09:34 --------- d-----w c:\program files\eMule
2009-02-13 21:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 22:05 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-12 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-12 15:20 --------- d-----w c:\program files\CCleaner
2009-02-12 15:18 --------- d-----w c:\program files\Ashampoo
2009-02-12 15:17 --------- d-----w c:\documents and settings\Sasa\Application Data\Ashampoo
2009-02-11 11:04 --------- d-----w c:\documents and settings\Sasa\Application Data\Skype
2009-02-11 09:59 --------- d-----w c:\program files\Google
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-04 10:12 --------- d-----w c:\program files\Warcraft III
2009-02-02 21:11 --------- d-----w c:\documents and settings\Sasa\Application Data\dvdcss
2009-01-30 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-01-23 18:32 --------- d-----w c:\program files\Flickr Uploadr
2009-01-17 18:23 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-17 18:21 --------- d-----w c:\program files\Skolski Latinski Recnik
2009-01-11 21:10 --------- d-----w c:\documents and settings\Sasa\Application Data\Pump
2009-01-11 20:57 --------- d-----w c:\documents and settings\Sasa\Application Data\Podmailing
2009-01-11 20:50 --------- d-----w c:\program files\Podmailing
2009-01-09 22:35 --------- d-----w c:\documents and settings\Sasa\Application Data\Spotify
2009-01-09 18:12 --------- d-----w c:\documents and settings\Sasa\Application Data\Vso
2009-01-09 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-01-08 10:50 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-08 10:50 47,360 ----a-w c:\documents and settings\Sasa\Application Data\pcouffin.sys
2009-01-08 10:50 --------- d-----w c:\program files\VSO
2009-01-06 14:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 09:46 --------- d-----w c:\program files\CyberLeadingCorp
2009-01-03 16:08 --------- d-----w c:\documents and settings\Sasa\Application Data\Winamp
2009-01-03 16:00 --------- d-----w c:\documents and settings\Sasa\Application Data\ICQ
2009-01-02 19:16 --------- d-----w c:\program files\Garena
2009-01-02 15:11 --------- d-----w c:\program files\DX-Ball
2009-01-01 18:05 --------- d-----w c:\program files\Winamp
2009-01-01 17:12 --------- d-----w c:\documents and settings\Sasa\Application Data\AIMP
2008-12-31 09:35 --------- d-----w c:\program files\AIMP2
2008-12-30 15:32 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-29 10:26 --------- d-----w c:\program files\Smoky City Design
2008-12-27 23:15 --------- d-----w c:\documents and settings\Sasa\Application Data\FileZilla
2008-12-27 17:28 --------- d-----w c:\documents and settings\Sasa\Application Data\M3
2008-12-25 21:32 --------- d-----w c:\program files\Java
2008-12-25 12:49 --------- d-----w c:\documents and settings\Sasa\Application Data\Desktopicon
2008-12-24 18:45 --------- d-----w c:\program files\FileZilla FTP Client
2008-12-24 12:24 --------- d-----w c:\documents and settings\Sasa\Application Data\JAlbum
2008-12-24 08:16 --------- d-----w c:\documents and settings\Sasa\Application Data\LimeWire
2008-12-24 07:32 --------- d-----w c:\program files\Jalbum8.1
2008-12-23 10:14 --------- d-----w c:\program files\Soulseek
2008-12-21 17:06 --------- d-----w c:\program files\TC PowerPack
2008-12-21 13:54 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-20 22:19 --------- d-----w c:\documents and settings\Sasa\Application Data\ArcSoft
2008-12-20 22:18 --------- d-----w c:\program files\ArcSoft
2008-12-20 20:32 --------- d-----w c:\program files\totalcmd
2008-12-20 16:12 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 15:57 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-20 13:50 --------- d-----w c:\program files\Adobe Media Player
2008-12-18 12:04 --------- d-----w c:\program files\Opera
2008-12-17 22:04 --------- d-----w c:\documents and settings\Sasa\Application Data\BSplayer PRO
2008-12-15 11:49 --------- d-----w c:\documents and settings\Sasa\Application Data\Canon
2008-12-15 11:35 --------- d-----w c:\program files\Canon
2008-09-27 10:44 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-27 10:42 8 --sh--r c:\documents and settings\All Users\Application Data\E6FF164BA3.sys
2008-02-25 18:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-03-06 12:29 88 --sha-r c:\windows\system32\E6FF164BA3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-04-18 17:15 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Sasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-20 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-10 270128]
"Intel Physical Address Aventis 1.3"="c:\windows\wciactrl.exe" [2009-02-15 464896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"Quick TV Agent"="c:\program files\Terminator\Quick TV\Scheduled.exe" [2004-10-11 740352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-11-18 155648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"="c:\windows\wciactrl.exe" [2009-02-15 464896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\Sasa\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-11-09 151552]
TV Remote Control.lnk - c:\program files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-01-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Sasa\Application Data\iolo\\0autocheck lsdelete\0autocheck lsdelete\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Sasa^Start Menu^Programs^Startup^Babuki.lnk]
backup=c:\windows\pss\Babuki.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-11-09 12:16 3407360 c:\program files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]
--a------ 2008-12-11 11:03 173568 c:\program files\Podmailing\podmailing.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
"Google Update"="c:\documents and settings\Sasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\ApexDC++\\ApexDC.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\Programi\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Sasa\\Desktop\\CryptLoad_1.1.4\\RouterClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\java.exe"=
"c:\\Documents and Settings\\Sasa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Sasa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\Sasa\\Desktop\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Documents and Settings\\Sasa\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Podmailing\\podmailing.exe"=
"c:\\Program Files\\JLC's Software\\Internet TV\\Internet TV.exe"=
"c:\\Program Files\\AutoShutdown\\AutoShutdown.exe"=
"d:\\DC++ downloads\\LDCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system\\wmisys.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-02-15 160648]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-02-15 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-02-15 258305]
R2 AutoShutdown;AutoShutdown Service;c:\progra~1\AUTOSH~1\AS_Service.exe [2009-01-25 244736]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-02-15 41217]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-11-22 603904]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [2008-06-04 10240]
R2 WMISYS;WMI System App;c:\windows\system\wmisys.exe [2009-02-15 591872]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2008-01-05 414592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate1c9427e290dcb1e;Google Update Service (gupdate1c9427e290dcb1e);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 133104]
S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=10180 --> c:\program files\system\smss.exe [?]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\drivers\k310bus.sys [2008-10-13 60800]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\drivers\k310mdfl.sys [2008-10-13 9264]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\drivers\k310mdm.sys [2008-10-13 96352]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-15 356920]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [2008-03-21 22571]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2008-03-21 93450]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93175b98-f8f7-11dd-9672-000feafaf521}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Physical Address Aventis 1.3]
c:\windows\wciactrl.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-20 10:44]

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-839522115-682003330-1003.job
- c:\documents and settings\Sasa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-20 10:27]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:7070
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
LSP: avsda.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\rtzqt3sy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\rtzqt3sy.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\Firefox\Profiles\rtzqt3sy.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\Sasa\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sasa\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-16 00:54:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system\wmisys.exe [2328] 0x82C405A0

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{205D0787-C690-164D-D6EF-F315C201A79A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hailoinofnmpinjp"=hex:6e,62,68,66,65,70,62,65,62,6d,61,70,66,68,68,61,68,69,
67,6e,67,68,66,6d,62,6d,68,69,66,62,6e,62,68,68,63,6a,69,61,61,6a,6d,6f,6f,\
"jailoinofnmpinjppnka"=hex:66,61,68,66,6f,69,65,6a,6f,62,70,70,00,06
"paalhieninokdmmocoeikpmkjbmdbmla"=hex:65,61,68,66,6c,69,67,69,66,67,00,70

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="41899AEFBF683B5DF043E9087FBC861FBB1D54657EBA69EDC03E5A31C142813F2C7709B488D01DC40652D957C61B7AB5D42FCA
AE683153AA0E75DBA872B7340A54CFCEB7E32CAF7A8A7A3C15F0BAD9F5B2A67C188EA88F601D60531544C699B56E167FD25AF8943BE8A08506504EB0D6926657ED25A5B9
5EA283CE6E70E3F90AC291E647CA3E60FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0A
C4980AC79338EDD5E5BE2F6E667A9C6AECB7A5D1407BA7FD869164D679432247FE309C9BF19E599875921A131CBE05D3FC16D0B7733BD51F358D307ECA7B29214028C365
BC4FBB87014D0C24496586483E7A016319294255B3D0F6622699F237E722E0BFDA03E276D85F8A41BFBBDE1326CDB18D542C2967EB3C1D73A3FA20259FABB7931AACCA45
E31B19D524B48C98B2F212C34FB3BED9E99F5DB517004ED89166A8704D76C07E64D75D98945D5A692C4D543196E928B42FD9B470AB735BAB36F508F0A1082B46E43A7D66
59D679311F24320DCBB03E1B0A6034309C348CDC1E969BFD82F9DAB1FB30BE78B7E20C39336975BD479EBF5770AE34B79B87324E21A93970A06EB7BE86F48B3A9844BFB68
BE625F60B14D6169D6D8B1882D90CC88CA946FBED74248FEFCEB356D41D416A46F1A6CDEE24ED498EC5E1AE62B21EA6A7892EF98DC97C9D717E53A0CB94D7E21DF9917B
4FEB890E1DFD9FDCB3247357FD519963D41894DAEAD8AE7BB65E936F85A1B47CB6B79EC5E798EA9EEB6C878884797B5592456B303611332B9B283D30C6043B71002A2D17
336A9BD8F1E9192876662F29A9BE26F988A1BE5C503177F7F2495F771926BBD4345B6306E4431F6C201AE48B22D3609F43123A0A1AA45F6BB0EFBECE55DACC4378C2B48D1F
758ADC298998358D6FC9EE49611D417F2548B6B39C2CD6599640DFDA3DBA382FB5F5156E2A145C787865E772C2BCBEF19AAA100F49D276CF0B4CE08D803334F07C09010C
8AB853F24478DFE189E1DFCCCD634ACC520D77C8063590AAABF3A0A459C30C6697D0C8003560591B4FCB911348ACEEAE0441319DA5B10FDCD935486D434879394C377D2
7370308C11386305E81814753567E24B86A8E7202BE5EBA0C86F80D4CF0C3880B1768F8EEEABB034F67BB84D5FCAA0207DFD6BF1600042B329581A2C564C1758746937F946
918DFC5F4E05B634157D28AC32B839BC11ECA3EF1FE90114D9AAAD627350F6C10AB7C317D458393BCDFB77F73D837EC5AC54D30C16947CAA71E2561760956FBD9BC2F188
F1A2222FE2F5A7343F900E3246343061B2D60DF0B0012DA49E57934EAD156F102F697F012615552BF7B97AEF3A9EA5C51200E56E1D1A908DC3FBD5B90C6930FCB8C5A7D24DD
B201CCEEE19A047F8250672737BE21D19E2C987"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Opera\opera.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Opera\opera.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-16 0:58:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 23:57:02
ComboFix2.txt 2008-06-29 15:39:13

Pre-Run: 17,897,177,088 bytes free
Post-Run: 17,906,106,368 bytes free

420

Dopuna: 16 Feb 2009 1:08

pogledaj ovo

img12.imageshack.us/img12/2122/78697400zw4.jpg
img12.imageshack.us/img12/8817/60429974of4.jpg

to mi uvek izbaci kada se ulogujem, radio full szstem scan iybrise sve ali opet se to pojavi kada se ulogujem

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Zato sto postoji aktivan malware koji te fajlove uvek kreira ponovo kad ih obrises....

Sutra cemo naci izvor infekcije i zavrsiti zapoceto... Ok?

offline
  • sense 
  • Novi MyCity građanin
  • Pridružio: 28 Jun 2008
  • Poruke: 13

ok

hvala puno Smile

Dopuna: 16 Feb 2009 13:58

bump Very Happy Very Happy Very Happy Very Happy

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Ako mi verujes ja sam pre 3 minuta dosao na forum... Moraces sacekati da pogledam log ponovo... Juce sam samo presao krajickom oka Smile

offline
  • sense 
  • Novi MyCity građanin
  • Pridružio: 28 Jun 2008
  • Poruke: 13

vazi care nema problema Smile

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\txsocm32.dll
c:\windows\system32\frnscli32.dll
c:\windows\wciactrl.exe
c:\windows\system32\stu2.exe

Folder:
c:\program files\system

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\wmisys.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Physical Address Aventis 1.3]

Rootkit::
c:\windows\system\wmisys.exe

Driver::
WMISYS
NFAgent


Snimiti na Desktop fajl iz Notepada kao "CFScript"


Ko je trenutno na forumu
 

Ukupno su 1314 korisnika na forumu :: 36 registrovanih, 5 sakrivenih i 1273 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, aleksmajstor, babaroga, BlekMen, Brana01, cemix, darionis, darios, draganca, FileFinder, Georgius, Griffon vulture, ILGromovnik, kikisp, Kubovac, kybonacci, ljuba, Mcdado, Mercury, Mihajlo, milenko crazy north, nebkv, nemkea71, Ripanjac, RJ, ruma, Seeker, solic, srbijaiznadsvega, Srle993, vladaa012, VP6919, W123, YU-UKI, zillbg, Čivi