Please help

  • Joined: 02 Jan 2008
  • Posts: 33
  • Location: Novi Sad

Dual boot (XP and Linux). After a couple of months I booted XP and I see that it barely works ...
FF takes 7-8 min. to start, and there is no chance of getting into some folders ...
Help, if possible.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:35, on 10.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Msi\Desktop\pp3\pp3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5945 bytes



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Greetings,

* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



  • Joined: 02 Jan 2008
  • Posts: 33
  • Location: Novi Sad

ComboFix 08-09-12.09 - Msi 2008-09-13 17:52:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1460 [GMT 2:00]
Running from: D:\DOWN\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Msi\Application Data\.#

.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-13 02:15 . 2008-09-13 02:18 <DIR> d-------- C:\Program Files\Winamp
2008-09-13 02:15 . 2008-09-13 02:17 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Winamp
2008-09-11 22:58 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-09-11 22:58 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-09-11 22:58 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-11 22:57 . 2008-09-11 22:57 <DIR> d-------- C:\Program Files\Sygate
2008-09-11 22:57 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-09-11 19:29 . 2008-09-11 19:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 19:29 . 2008-09-11 19:29 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\SUPERAntiSpyware.com
2008-09-11 19:29 . 2008-09-11 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 11:45 . 2008-09-11 11:45 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-09-11 11:45 . 2008-09-11 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-09-11 11:41 . 2008-09-11 12:05 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\ICQ
2008-09-11 11:40 . 2008-09-11 11:46 <DIR> d-------- C:\Program Files\ICQ6
2008-09-10 18:06 . 2008-09-10 18:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-09-09 15:43 . 2008-09-09 15:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-09 03:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-09 03:11 . 2008-09-09 03:13 <DIR> d-------- C:\Program Files\Java
2008-09-09 03:11 . 2008-09-09 03:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-09 01:13 . 2008-09-09 01:13 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Malwarebytes
2008-09-09 01:12 . 2008-09-09 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 23:43 . 2008-09-08 23:43 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-08 23:43 . 2008-09-13 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-08 23:43 . 2008-09-13 17:54 1,100,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-08 23:43 . 2008-09-13 17:54 229,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-08 23:43 . 2008-09-08 23:54 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-08 23:43 . 2008-09-08 23:43 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-08 23:43 . 2008-09-13 17:54 10,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-08 23:43 . 2008-09-13 17:54 2,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-08 23:41 . 2008-09-08 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-08 12:59 . 2008-09-13 15:52 92 --a------ C:\WINDOWS\wb.ini
2008-09-08 04:05 . 2008-09-13 15:55 4,712 --a------ C:\WINDOWS\langorig.ini
2008-09-08 04:04 . 2008-09-08 04:04 <DIR> d-------- C:\Program Files\Stardock
2008-09-08 04:04 . 2003-02-26 21:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-09-08 04:04 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-09-08 01:51 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-09-08 01:08 . 2008-09-08 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-08 01:05 . 2008-09-08 01:08 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-08 00:27 . 2008-09-08 00:27 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B}
2008-09-08 00:07 . 2008-09-08 01:08 <DIR> d-------- C:\Program Files\Uniblue
2008-09-08 00:07 . 2008-09-08 01:08 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\uniblue
2008-09-08 00:06 . 2008-09-08 00:07 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-07 23:57 . 2008-09-07 23:57 <DIR> d-------- C:\Program Files\MSBuild
2008-09-07 23:53 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-07 23:53 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-07 23:53 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-07 23:53 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-07 23:53 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-07 23:53 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-07 23:53 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-07 23:25 . 2008-09-07 23:25 <DIR> dr-h----- C:\AHCache
2008-09-07 22:11 . 2008-09-07 22:12 55 --a------ C:\WINDOWS\ScreenHunter.INI
2008-09-07 00:56 . 2008-09-07 00:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-07 00:51 . 2008-09-07 00:51 <DIR> d-------- C:\Program Files\NOS
2008-09-07 00:51 . 2008-09-11 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 21:26 . 2008-04-15 00:00 1,333,248 --a------ C:\WINDOWS\system32\drivers\athw.sys
2008-09-06 20:55 . 2008-09-06 20:55 <DIR> d-------- C:\Documents and Settings\Msi\.dvdcss
2008-09-05 03:02 . 2008-09-05 03:05 <DIR> d-------- C:\Program Files\Folder Lock
2008-09-05 03:02 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-09-05 03:02 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-09-05 03:02 . 2008-09-05 03:02 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-09-05 02:54 . 2008-09-05 02:54 <DIR> d-------- C:\Program Files\Webteh
2008-09-05 02:54 . 2008-09-08 04:28 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\BSplayer PRO
2008-09-05 02:46 . 2008-09-12 18:03 <DIR> d-------- C:\Program Files\RMClock
2008-09-05 02:32 . 2008-09-05 02:32 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-05 02:31 . 2008-09-05 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-05 02:26 . 2008-09-05 02:27 <DIR> d-------- C:\totalcmd
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-09-05 02:26 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-09-05 02:26 . 2008-09-10 17:33 363 --a------ C:\WINDOWS\wincmd.ini
2008-09-05 02:07 . 2008-09-05 02:08 <DIR> d-------- C:\Program Files\SMPlayer
2008-09-03 23:09 . 2008-09-03 23:09 <DIR> d-------- C:\Program Files\uTorrent
2008-09-01 15:01 . 2008-09-04 09:40 235 --ah----- C:\WINDOWS\sysreg.dat
2008-08-30 03:00 . 2008-08-30 03:00 <DIR> d-------- C:\Documents and Settings\Msi\fontconfig
2008-08-30 02:57 . 2008-09-13 14:51 <DIR> d-------- C:\Documents and Settings\Msi\.smplayer
2008-08-23 23:09 . 2008-09-08 23:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 23:09 . 2008-09-08 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Real
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-23 11:01 . 2008-08-23 11:01 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-22 00:32 . 2008-08-22 00:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-22 00:32 . 2008-08-22 00:32 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-08-22 00:31 . 2008-08-22 00:31 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-22 00:28 . 2008-08-22 00:34 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\iolo
2008-08-22 00:28 . 2008-09-01 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-20 18:15 . 2008-08-20 18:15 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-20 18:13 . 2008-08-22 00:49 <DIR> d-------- C:\WINDOWS\Logs
2008-08-20 18:13 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-08-20 18:02 . 2008-04-14 04:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-20 13:33 . 2008-09-13 14:51 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-20 13:24 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-20 13:24 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-20 13:24 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-20 01:30 . 2008-08-20 01:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-20 01:30 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-08-20 01:30 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-08-20 01:30 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-08-20 01:30 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-20 01:30 . 2004-03-03 21:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-20 01:30 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-20 01:30 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-08-20 01:30 . 2004-03-03 21:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-20 01:29 . 2008-08-20 01:30 <DIR> d-------- C:\Program Files\Ahead
2008-08-19 21:18 . 2008-08-19 21:18 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\Participatory Culture Foundation
2008-08-19 21:02 . 2008-08-19 21:02 <DIR> d-------- C:\Documents and Settings\Msi\Application Data\TuneUp Software
2008-08-19 21:02 . 2008-09-03 21:08 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-19 21:02 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-19 21:01 . 2008-09-09 03:24 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-19 21:01 . 2008-09-11 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 21:01 . 2008-08-19 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-19 20:47 . 2008-08-19 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-19 20:25 . 2008-09-06 19:18 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-19 20:25 . 2008-08-19 20:25 45 --a------ C:\WINDOWS\system32\initdebug.nfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 00:08 --------- d-----w C:\Documents and Settings\Msi\Application Data\FrostWire
2008-08-19 13:49 --------- d-----w C:\Program Files\FrostWire
2008-08-19 13:47 --------- d-----w C:\Program Files\GRETECH
2008-08-19 13:47 --------- d-----w C:\Documents and Settings\Msi\Application Data\GRETECH
2008-08-19 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-19 13:40 --------- d-----w C:\Program Files\CCleaner
2008-08-19 13:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-19 11:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-24 16:02 4,749,824 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-23 14:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-07-21 16:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 07:12 3,682,240 ----a-w C:\WINDOWS\system32\drivers\RtHDMI.sys
2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtkUpd.exe
2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.EXE
2008-06-18 16:01 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-11 1576176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-06-29 13:32 89541 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 10:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 03:44 133104 C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo 3rd Party Reboot]
--a------ 2008-05-22 14:38 451432 C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-07-23 16:51 16804864 C:\WINDOWS\RTHDCPL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe
"BsMnt"=C:\WINDOWS\BisonCam\BsMnt.exe
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-03 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Msi\Application Data\Mozilla\Firefox\Profiles\fln87ly1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link visible only to logged-in users]
FF -: plugin - C:\Documents and Settings\Msi\Application Data\Mozilla\Firefox\Profiles\fln87ly1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Documents and Settings\Msi\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-09-13 17:55:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-13 17:56:51 - machine was rebooted [Msi]
ComboFix-quarantined-files.txt 2008-09-13 15:56:47

Pre-Run: 4,008,517,632 bytes free
Post-Run: 3,954,917,376 bytes free

286 --- E O F --- 2008-09-10 15:01:10

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

The log is clean, there are no signs of malware.

Do this as well:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


Regards
