Poludeo skroz

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 01 Apr 2010 19:09

Nzn sta mu je cudno se ponasa.. avira samo pisti...

[Link mogu videti samo ulogovani korisnici]

Skino sam gamer, ali cim ga pokrenem i stisnem da skenira na racunaru izbacuje plavu pozadinu i system pada...to sma 3 puta pokusao i 3 puta isto se desava..

Dopuna: 01 Apr 2010 19:15

*gmer (izvinjavam se)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo,

log je necitljiv.

Lepo ga nalepi kako se kaze u uputstvu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

[Link mogu videti samo ulogovani korisnici]



DDS (Ver_10-03-17.01) - NTFSx86
Run by Petrovic at 0:19:53,07 on pet 02.04.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.674 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Opofia.exe
C:\Program Files\xampp\apache\bin\httpd.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\X-Micro\Bluetooth Software\BTTray.exe
svchost.exe
C:\Program Files\X-Micro\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petrovic\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Petrovic\LOCALS~1\Temp\Owr.exe
C:\Documents and Settings\Petrovic\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
udefault_page_url = [Link mogu videti samo ulogovani korisnici]
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\petrovic\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [YVIBBBHA8C] c:\docume~1\petrovic\locals~1\temp\Owr.exe
uRun: [WEK9EMDHI9] c:\windows\Opofia.exe
mRun: [Ins3DT] f:\install4\INS3DT.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [run32] c:\win\lsass.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\x-micro\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\x-micro\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\x-micro\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\petrovic\applic~1\mozilla\firefox\profiles\lqbm26f8.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\petrovic\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\petrovic\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\petrovic\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-20 11608]
R2 AcuWVSScheduler;Acunetix WVS Scheduler;c:\program files\acunetix\web vulnerability scanner 4\WVSScheduler.exe [2007-5-28 571904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-20 185089]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2008-12-10 24636]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-20 56816]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-03-27 18:10:01 166912 ----a-w- c:\windows\Opofia.exe
2010-03-27 18:09:41 196096 ----a-w- c:\windows\system32\sshnas21.dll
2010-03-27 18:01:42 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-24 13:11:38 0 d--h--w- c:\windows\PIF
2010-03-12 19:16:30 0 d-----w- C:\flash
2010-03-04 21:08:34 0 d-----w- c:\documents and settings\petrovic\dwhelper
2010-03-03 17:51:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-03 17:51:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-03 17:51:22 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-03 17:51:22 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

==================== Find3M ====================

2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 17:50:47 20898 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-01-06 17:50:47 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe

============= FINISH: 0:20:39,54 ===============

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Cudno se nesto desilo... Pratio sma upustva iskljucio Aviru, i pokrenuo combofix i restartovo se racunar.. zatim podigo system i poceo je da skenira combofix ... Avira se upalila i pokazuje mi neke viruse da brisem iz windows fajla neki .. zavrsilo se skeniranje combofix-a i komp se restartovo.

evo fajla iz direktorijuma : C:\ComboFix\ComboFix.txt

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ja opet ne vidim log, kako ga to saljes, lepo ga iskopiraj u poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

@prvi put mi nije bio ceo log.

evo sad sam opet ponovio postupak ceo.


ComboFix 10-04-01.02 - Petrovic 02.04.2010 15:41:08.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.887 [GMT 2:00]
Running from: c:\documents and settings\Petrovic\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\Petrovic\Application Data\Desktopicon\eBayShortcuts.exe
c:\windows\regsvr32.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-01 06:45 . 2010-04-01 06:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 06:43 . 2010-04-01 06:43 503808 ----a-w- c:\documents and settings\Petrovic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1bf95ad8-n\msvcp71.dll
2010-04-01 06:43 . 2010-04-01 06:43 499712 ----a-w- c:\documents and settings\Petrovic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1bf95ad8-n\jmc.dll
2010-04-01 06:43 . 2010-04-01 06:43 348160 ----a-w- c:\documents and settings\Petrovic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1bf95ad8-n\msvcr71.dll
2010-04-01 06:42 . 2010-04-01 06:42 61440 ----a-w- c:\documents and settings\Petrovic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-311f9e81-n\decora-sse.dll
2010-04-01 06:42 . 2010-04-01 06:42 12800 ----a-w- c:\documents and settings\Petrovic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-311f9e81-n\decora-d3d.dll
2010-03-29 09:58 . 2010-03-29 09:58 -------- d-----w- c:\documents and settings\Petrovic\Application Data\Hewlett-Packard
2010-03-27 18:01 . 2010-03-27 18:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-24 13:11 . 2010-03-24 13:11 -------- d--h--w- c:\windows\PIF
2010-03-12 19:16 . 2010-03-12 19:16 -------- d-----w- C:\flash
2010-03-04 21:08 . 2010-03-04 21:08 -------- d-----w- c:\documents and settings\Petrovic\dwhelper
2010-03-03 17:51 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-03 17:51 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-03 17:51 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-03 17:51 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-03 16:03 . 2010-03-03 16:03 45056 ----a-r- c:\documents and settings\Petrovic\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 06:41 . 2009-12-31 14:11 -------- d-----w- c:\program files\Java
2010-03-30 10:05 . 2009-09-20 09:52 90288 ----a-w- c:\documents and settings\Petrovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 22:32 . 2009-10-28 17:49 -------- d-----w- c:\documents and settings\Petrovic\Application Data\Skype
2010-03-29 22:01 . 2009-10-28 17:50 -------- d-----w- c:\documents and settings\Petrovic\Application Data\skypePM
2010-03-29 10:09 . 2009-09-29 11:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-18 13:03 . 2010-01-28 23:18 -------- d-----w- c:\documents and settings\Petrovic\Application Data\FileZilla
2010-03-09 02:28 . 2009-12-31 14:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 21:25 . 2010-01-31 01:35 50354 ----a-w- c:\documents and settings\Petrovic\Application Data\Facebook\uninstall.exe
2010-03-02 21:25 . 2010-01-31 01:35 -------- d-----w- c:\documents and settings\Petrovic\Application Data\Facebook
2010-02-28 18:32 . 2010-02-28 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-02-28 18:32 . 2010-02-28 18:32 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-02-28 18:32 . 2010-02-28 18:32 -------- d-----w- c:\program files\TechSmith
2010-02-28 15:34 . 2010-02-28 15:34 -------- d-----w- c:\program files\Longtion
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Petrovic\Application Data\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Petrovic\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-21 15:04 . 2010-02-21 14:45 -------- d-----w- c:\program files\123 Flash Menu
2010-02-14 19:01 . 2009-09-29 11:44 -------- d-----w- c:\program files\The KMPlayer
2010-02-13 11:44 . 2010-02-12 20:05 -------- d-----w- c:\documents and settings\Petrovic\Application Data\Smart PDF Converter Pro
2010-02-10 00:48 . 2009-11-06 21:37 -------- d-----w- c:\program files\Google
2010-02-06 15:54 . 2009-09-29 19:19 -------- d-----w- c:\program files\xampp
2010-02-06 12:11 . 2010-02-06 12:11 -------- d-----w- c:\program files\Common Files\SourceTec
2010-02-06 12:11 . 2010-02-06 12:11 -------- d-----w- c:\program files\SourceTec
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\documents and settings\Petrovic\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-06 17:50 . 2010-01-06 17:50 20898 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-01-06 17:50 . 2009-11-28 20:45 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-29 3883856]
"Google Update"="c:\documents and settings\Petrovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-05 4841472]
"nwiz"="nwiz.exe" [2003-09-05 323584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-10-29 11:20 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-02-27 16:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AcuWVSScheduler;Acunetix WVS Scheduler;c:\program files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe [28.5.2007 12:13 571904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.9.2009 12:13 108289]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [10.12.2008 1:10 24636]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.10.2009 18:03 721904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.11.2009 23:37 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 21:37]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 21:37]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-220523388-682003330-1003Core.job
- c:\documents and settings\Petrovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-20 10:15]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-220523388-682003330-1003UA.job
- c:\documents and settings\Petrovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-20 10:15]

2010-04-02 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-11-11 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\X-Micro\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Petrovic\Application Data\Mozilla\Firefox\Profiles\lqbm26f8.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Petrovic\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Petrovic\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Petrovic\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WEK9EMDHI9 - c:\windows\Opofia.exe
HKLM-Run-Ins3DT - f:\install4\INS3DT.EXE
HKLM-Run-run32 - c:\win\lsass.exe
MSConfigStartUp-61208320 - c:\docume~1\ALLUSE~1\APPLIC~1\61208320\61208320.exe
AddRemove-SmartPhotoRefresh - c:\program files\BearPaw 1200CU Plus\UNWISE.EXE
AddRemove-Sound'Em - c:\program files\BearPaw 1200CU Plus\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-04-02 15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-02 15:52:18
ComboFix-quarantined-files.txt 2010-04-02 13:52

Pre-Run: 5.000.814.592 bytes free
Post-Run: 4.970.881.024 bytes free

- - End Of File - - 3ECECEE9065CEA2F671E94EEFF453C0B

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sad stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Avira mi se sad ne aktivira... Hvala Bogu...

Za sad je dobar.. nego nzn zasto cim pokrenem msn izbacuje mi plavu pozadinu i restartuje komp...

jel ima nesto veze sa tim...? Da nije msn pod nekim virusom.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Probaj da reinstaliras MSN.

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.