Internet Congestion

vojkanvets
Internet Congestion, 30.12.2009 at 00:04
People, help. I've been struggling for days to find a way to fix my computer, with no luck. My internet connection is lagging; I ran HijackThis and I'm posting the log here, hoping someone can help me. I'm completely fed up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:56:03, on 12/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Nikola\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7082B7-451A-4B86-AEF3-A14A14441AEC}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe

--
End of file - 4304 bytes
 
valjan
Re: Internet Congestion, 30.12.2009 at 02:11
Open Command Prompt (Start > Run, then type cmd and press Enter), and in Command Prompt type "netstat -abno -p tcp > c:\zagusen.txt" (instead of "c:\zagusen.txt" you can choose any file name in any location, just note that if such a file already exists, its contents will be overwritten by the output of the netstat command), open that "c:\zagusen.txt" with a double-click, and find the rows where the third column (Foreign address) holds an IP address that is not yours (meaning it is not 0.0.0.0, nor 127.0.0.1, nor any IP address assigned to any network or wireless card on your computer), and the fourth column (State) shows the status "ESTABLISHED". When you find such rows, look at the start of the next row, and in square brackets ("[ ]") you will see the name of the process that is communicating with the outside world.

It is advisable, before you run the netstat command, to close all browsers, email clients, IM & chat programs, P2P and torrent applications etc., so that you can more easily find the "intruder" that is chatting with other computers behind your back. Once you have singled out suspicious processes this way, if you don't know what to do with them, let us know and we will give you further instructions.
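
The check described in the post above, as an added example that is not part of the original post: a Python parser for a saved `netstat -abno -p tcp` file that keeps ESTABLISHED rows whose foreign address is not one of the machine's own and reads the owning process from the bracketed line. The sample output, process names, PIDs and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `netstat -abno -p tcp` output (not taken from the thread).
SAMPLE = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  c:\windows\system32\WS2_32.dll
  [svchost.exe]

  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1912
  [jqs.exe]

  TCP    192.168.1.5:1188       192.168.1.5:445        ESTABLISHED     4
  [System]

  TCP    192.168.1.5:1201       203.0.113.25:80        ESTABLISHED     2468
  C:\WINDOWS\system32\WS2_32.dll
  [example-updater.exe]

  TCP    192.168.1.5:1202       198.51.100.7:443       ESTABLISHED     3120
  [unknown-app.exe]

  TCP    192.168.1.5:1203       198.51.100.9:443       TIME_WAIT       0
  TCP    192.168.1.5:1204       203.0.113.25:443       ESTABLISHED     2468
  Can not obtain ownership information
"""

# Proto, local addr:port, foreign addr:port, state, PID (the -n and -o columns).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
# The -b owner line: an executable name alone in square brackets.
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Return one dict per TCP row; 'process' comes from the next [name] line."""
    conns = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            local, lport, foreign, fport, state, pid = row.groups()
            conns.append({"local": local, "lport": int(lport),
                          "foreign": foreign, "fport": int(fport),
                          "state": state, "pid": int(pid), "process": None})
            continue
        owner = OWNER.match(line)
        # Module/DLL lines and "Can not obtain ownership information" are
        # skipped; only the first bracketed line after a row names its owner.
        if owner and conns and conns[-1]["process"] is None:
            conns[-1]["process"] = owner.group(1)
    return conns


def is_own_address(addr, own):
    """True for 0.0.0.0, loopback, or an address assigned to this machine."""
    if addr in own:
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a host name (netstat run without -n): treat as remote
    return ip.is_unspecified or ip.is_loopback


def external_established(conns, extra_local=()):
    """ESTABLISHED rows whose foreign address is not the machine's own."""
    # Every address in the Local Address column belongs to this machine.
    own = {c["local"] for c in conns} | set(extra_local)
    return [c for c in conns
            if c["state"] == "ESTABLISHED"
            and not is_own_address(c["foreign"], own)]


def summarize(hits):
    """Group remote endpoints by PID, keeping a process name if any row had one."""
    by_pid = {}
    for c in hits:
        entry = by_pid.setdefault(c["pid"], {"process": None, "remote": set()})
        entry["process"] = entry["process"] or c["process"]
        entry["remote"].add(f'{c["foreign"]}:{c["fport"]}')
    return {pid: {"process": e["process"], "remote": sorted(e["remote"])}
            for pid, e in by_pid.items()}


if __name__ == "__main__":
    for pid, info in summarize(external_established(parse_netstat(SAMPLE))).items():
        print(pid, info["process"], ", ".join(info["remote"]))
```

The bracketed value is only an image name, so a familiar name such as services.exe still needs its PID checked against the full path of the file it was started from.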
 
vojkanvets
Re: Internet Congestion, 30.12.2009 at 08:22
Quote:
valjan: Open Command Prompt (Start > Run, then type cmd and press Enter), and in Command Prompt type "netstat -abno -p tcp > c:\zagusen.txt" (instead of "c:\zagusen.txt" you can choose any file name in any location, just note that if such a file already exists, its contents will be overwritten by the output of the netstat command), open that "c:\zagusen.txt" with a double-click, and find the rows where the third column (Foreign address) holds an IP address that is not yours (meaning it is not 0.0.0.0, nor 127.0.0.1, nor any IP address assigned to any network or wireless card on your computer), and the fourth column (State) shows the status "ESTABLISHED". When you find such rows, look at the start of the next row, and in square brackets ("[ ]") you will see the name of the process that is communicating with the outside world.

It is advisable, before you run the netstat command, to close all browsers, email clients, IM & chat programs, P2P and torrent applications etc., so that you can more easily find the "intruder" that is chatting with other computers behind your back. Once you have singled out suspicious processes this way, if you don't know what to do with them, let us know and we will give you further instructions.

Ugh, I had found that somewhere on the net too, so I've already done it. services.exe is causing me trouble. I found a fake services.exe that was not located in the System32 folder, so I deleted it, but still nothing. I hope you have a solution for my problem???
 
valjan
Re: Internet Congestion, 30.12.2009 at 09:53
For a start, remove these two in HJT (tick them and click "Fix Checked"):

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Since you already have SuperAntiSpyware installed, update it and run a detailed scan; it may find more leftovers of this askbar junk. I also see that you have C:\CA_LIC\LogWatNT.exe on the system; that is a patch for some Computer Associates applications, so if you are not using McAfee antivirus or Inoculate It or any of their AV solutions, tick it in HJT as well and click "Fix Checked".
 
vojkanvets
Re: Internet Congestion, 30.12.2009 at 17:48
I removed those 2 AskBar entries with "Fix Checked", but the third one wouldn't go.

I ran a detailed scan with SuperAntiSpyware; it found 2 trojan gen items of some kind but deleted everything.

However, my internet connection is still lagging somehow.
 
valjan
Re: Internet Congestion, 31.12.2009 at 09:17
And how does this "lagging somehow" show up? You start a file download and it stalls, pages in the web browser load slowly, something else...?
 
vojkanvets
Re: Internet Congestion, 31.12.2009 at 13:17
Pages in the web browser open slowly and often fail, I can't even play Counter-Strike because my ping is too high, and in Task Manager's Networking tab the usage spikes even though I have everything shut down... is there any help for it?
 
kristi1
Re: Internet Congestion, 31.12.2009 at 13:20
Let's check it.


Download the DDS program: http://download.bleepingcomputer.com/sUBs/dds.scr
Double-click to run DDS.
Wait a bit; it will produce two logs.
Post the DDS.txt log for me (Copy \ Paste).
 
vojkanvets
Re: Internet Congestion, 31.12.2009 at 16:26
I removed AVG and installed BitDefender, and it keeps showing that it is scanning outgoing mail. Here is the log file.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nikola at 17:23:21.78 on Thu 12/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1288 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bsplayer-search.com/startpage
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {BA7082B7-451A-4B86-AEF3-A14A14441AEC} = 212.200.191.166,212.200.190.166
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\jt16ymu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2008-8-24 17952]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 152456]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 LogWatch;Event Log Watch;c:\ca_lic\logwatnt.exe --> c:\ca_lic\LogWatNT.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 atidgllk;atidgllk;\??\c:\docume~1\nikola\locals~1\temp\~af27855\upgrade\atidgllk.sys --> c:\docume~1\nikola\locals~1\temp\~af27855\upgrade\atidgllk.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

=============== Created Last 30 ================

2009-12-31 14:40:10 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-31 14:40:10 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-31 14:40:10 0 ----a-w- c:\windows\system32\ab_bl.sig
2009-12-31 14:40:10 0 ----a-w- C:\pcwords2.dat
2009-12-31 14:40:10 0 ----a-w- C:\pcwords.dat
2009-12-31 14:40:10 0 ----a-w- C:\pcconf.ini
2009-12-31 14:40:10 0 ----a-w- C:\pc_sign.slf
2009-12-31 14:39:08 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-31 14:32:42 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-12-31 14:30:48 0 d-----w- c:\docume~1\nikola\applic~1\BitDefender
2009-12-31 14:30:48 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-12-31 14:30:47 0 d-----w- c:\program files\BitDefender
2009-12-31 14:29:55 0 d-----w- c:\program files\common files\BitDefender
2009-12-29 22:21:17 0 d-----w- c:\docume~1\nikola\applic~1\Malwarebytes
2009-12-29 22:21:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 22:21:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-28 23:56:48 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-28 20:09:02 0 d-----w- c:\program files\DrWeb
2009-12-27 02:51:14 0 d-----w- c:\program files\Enigma Software Group
2009-12-26 13:17:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-26 13:17:27 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 13:17:27 0 d-----w- c:\docume~1\nikola\applic~1\SUPERAntiSpyware.com
2009-12-23 21:27:04 9216 ----a-w- c:\windows\system32\ffnd.exe
2009-12-23 21:22:24 0 d-----w- c:\docume~1\nikola\applic~1\FreeFixer
2009-12-23 19:35:01 0 d-----w- c:\docume~1\nikola\applic~1\Uniblue
2009-12-23 19:10:21 737280 ----a-w- c:\windows\iun6002.exe
2009-12-23 19:10:09 0 d-----w- c:\program files\Tweak-XP Pro 4
2009-12-22 08:21:42 714752 ----a-w- c:\windows\system32\drivers\xjpgy.sys
2009-12-19 18:37:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2009-12-15 17:36:44 34064 ----a-w- c:\windows\system32\lhacm.acm
2009-12-15 17:31:36 0 d-----w- c:\program files\Teamspeak2_RC2
2009-12-07 17:49:08 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 17:46:28 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys

==================== Find3M ====================

2009-10-09 19:11:33 24328 ----a-w- c:\docume~1\nikola\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:23:58.09 ===============
 
kristi1
Re: Internet Congestion, 31.12.2009 at 16:57
You didn't remove AVG properly.
Download this tool and clean up the AVG leftovers: http://www.avg.com/ww-en/download-tools

Then download ComboFix to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Turn off BitDefender.
Run it from the desktop and answer yes to everything it asks.
Then copy me the log you get.
 
vojkanvets
Re: Internet Congestion, 31.12.2009 at 18:42
You're right, my AVG uninstall broke. Here is the log.

ComboFix 09-12-31.01 - Nikola 12/31/2009 19:35:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1566 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 14:40 . 2009-12-31 14:40 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-31 14:40 . 2009-12-31 14:40 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-31 14:40 . 2009-12-31 14:40 0 ----a-w- C:\pcwords2.dat
2009-12-31 14:40 . 2009-12-31 14:40 0 ----a-w- C:\pcwords.dat
2009-12-31 14:39 . 2009-12-31 14:40 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-31 14:30 . 2009-12-31 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-31 14:30 . 2009-12-31 14:30 -------- d-----w- c:\documents and settings\Nikola\Application Data\BitDefender
2009-12-31 14:30 . 2009-12-31 14:30 -------- d-----w- c:\program files\BitDefender
2009-12-31 14:29 . 2009-12-31 14:30 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-31 00:54 . 2009-12-31 00:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-30 23:58 . 2009-12-30 23:58 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 23:58 . 2009-12-30 23:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-12-29 22:21 . 2009-12-29 22:21 -------- d-----w- c:\documents and settings\Nikola\Application Data\Malwarebytes
2009-12-29 22:21 . 2009-12-31 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 22:21 . 2009-12-29 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 23:56 . 2009-12-28 23:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-28 20:09 . 2009-12-28 23:35 -------- d-----w- c:\program files\DrWeb
2009-12-27 02:51 . 2009-12-27 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-12-26 13:18 . 2009-12-27 00:26 52224 ----a-w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 13:18 . 2009-12-27 00:26 117760 ----a-w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com
2009-12-23 21:27 . 2007-08-14 12:04 9216 ----a-w- c:\windows\system32\ffnd.exe
2009-12-23 21:22 . 2009-12-23 21:22 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\FreeFixer
2009-12-23 21:22 . 2009-12-23 21:22 -------- d-----w- c:\documents and settings\Nikola\Application Data\FreeFixer
2009-12-23 20:57 . 2009-12-23 20:57 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\VS Revo Group
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- c:\documents and settings\Nikola\Application Data\Uniblue
2009-12-23 19:10 . 2009-12-23 19:09 737280 ----a-w- c:\windows\iun6002.exe
2009-12-23 19:10 . 2009-12-23 19:12 -------- d-----w- c:\program files\Tweak-XP Pro 4
2009-12-22 08:21 . 2009-12-31 18:39 714752 ----a-w- c:\windows\system32\drivers\xjpgy.sys
2009-12-19 18:37 . 2009-12-19 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-15 17:36 . 2009-12-15 17:36 -------- d-----w- c:\documents and settings\Nikola\Application Data\teamspeak2
2009-12-15 17:31 . 2009-12-23 19:03 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-07 17:49 . 2009-12-07 17:49 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 17:46 . 2009-12-07 17:46 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 14:09 . 2008-08-20 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-30 23:57 . 2009-12-30 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-30 17:39 . 2009-01-24 13:42 -------- d-----w- c:\program files\Astonsoft
2009-12-29 22:29 . 2009-05-20 19:13 -------- d-----w- c:\program files\Gigatron Konfygurator
2009-12-29 22:07 . 2008-08-28 21:18 -------- d-----w- c:\documents and settings\Nikola\Application Data\Skype
2009-12-29 22:06 . 2008-08-28 21:21 -------- d-----w- c:\documents and settings\Nikola\Application Data\skypePM
2009-12-26 23:44 . 2008-10-29 22:44 -------- d-----w- c:\documents and settings\Nikola\Application Data\MySQL
2009-12-26 13:17 . 2008-08-27 15:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 21:37 . 2009-07-04 15:13 -------- d-----w- c:\program files\MSECACHE
2009-12-23 20:54 . 2009-10-27 17:06 -------- d-----w- c:\documents and settings\Nikola\Application Data\VMware
2009-12-23 19:45 . 2008-08-20 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:07 . 2009-02-16 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-12-22 23:07 . 2009-02-16 23:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-12-19 20:24 . 2009-09-08 15:50 165984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-19 18:38 . 2009-02-21 00:15 -------- d-----w- c:\documents and settings\Nikola\Application Data\EditPlus 3
2009-12-05 17:27 . 2008-08-22 17:12 -------- d-----w- c:\program files\phpDesigner 2008
2009-11-30 17:28 . 2008-08-21 13:13 -------- d-----w- c:\program files\Counter-Strike
2009-11-11 19:54 . 2009-11-08 14:55 -------- d-----w- c:\documents and settings\Nikola\Application Data\TortoiseSVN
2009-11-08 14:51 . 2009-11-08 14:51 -------- d-----w- c:\documents and settings\Nikola\Application Data\Subversion
2009-11-08 14:48 . 2009-11-08 14:48 -------- d-----w- c:\program files\TortoiseSVN
2009-11-08 14:48 . 2009-11-08 14:48 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-07 00:05 . 2009-11-04 19:19 1 ----a-w- c:\windows\system32\krx240.dat
2009-11-06 18:36 . 2009-02-17 12:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-11-06 18:34 . 2009-11-06 18:34 -------- d-----w- c:\program files\Common Files\VMware
2009-11-05 19:56 . 2009-11-05 19:56 -------- d-----w- c:\program files\ShowMyPCService
2009-11-04 19:19 . 2009-11-04 19:19 -------- d-----w- c:\program files\Web Button Maker Deluxe
2009-10-19 17:59 . 2009-12-31 14:33 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-12-04 1118144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 07:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 17:18 2323680 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Home Server Manager]
2008-11-07 08:42 542208 ----a-w- c:\program files\Nokia\Nokia Home Media Server\NHSM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-20 07:38 16384512 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-03 21:16 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-24 14:51 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ufad-ws60"=3 (0x3)
"TwonkyMedia"=3 (0x3)
"SQLWriter"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SandraAgentSrv"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"EventSystem"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\edgios.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\PES.2009.Full.Rib\\pes2009.exe"=
"e:\\PES.2009.Full.Rib\\Crack\\pes2009.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [8/24/2008 15:19 17952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 16:26 74480]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 18:46 152456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 16:27 7408]
S2 LogWatch;Event Log Watch;c:\ca_lic\LogWatNT.exe --> c:\ca_lic\LogWatNT.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 16:06 183880]
S3 atidgllk;atidgllk;\??\c:\docume~1\Nikola\LOCALS~1\Temp\~Af27855\Upgrade\atidgllk.sys --> c:\docume~1\Nikola\LOCALS~1\Temp\~Af27855\Upgrade\atidgllk.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 07:01 2799808]
S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - xjpgy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {BA7082B7-451A-4B86-AEF3-A14A14441AEC} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\jt16ymu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TM39.tmp
MSConfigStartUp-VMware hqtray - c:\program files\VMware\VMware Workstation\hqtray.exe
MSConfigStartUp-vmware-tray - c:\program files\VMware\VMware Workstation\vmware-tray.exe
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 19:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xjpgy]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-31 19:40:57
ComboFix-quarantined-files.txt 2009-12-31 18:40

Pre-Run: 18,455,998,464 bytes free
Post-Run: 18,531,250,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 751F6D32CB8EB23B0807F00237CD4CEF
 

kristi1

Member number: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta



Re: Internet congestion - 31.12.2009 at 18:59 (174 months ago)
Download this file to your desktop and unpack it.
Turn off your AV.
Drag it with the mouse onto the Combofix icon.

When the cleaning finishes, post a new log and say how things stand.
Attached files
 

vojkanvets
vojkan zikic
beograd

Member number: 143784
Posts: 19
79.101.228.*




Re: Internet congestion - 31.12.2009 at 19:22 (174 months ago)
It looks like everything is OK now. But just in case, here is the log file. THANKS and Happy New Year! :)

ComboFix 09-12-31.01 - Nikola 12/31/2009 20:11:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1553 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\windows\system32\drivers\xjpgy.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\xjpgy.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XJPGY
-------\Service_xjpgy


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 14:40 . 2009-12-31 14:40 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-31 14:40 . 2009-12-31 14:40 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-31 14:40 . 2009-12-31 14:40 0 ----a-w- C:\pcwords2.dat
2009-12-31 14:40 . 2009-12-31 14:40 0 ----a-w- C:\pcwords.dat
2009-12-31 14:39 . 2009-12-31 14:40 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-31 14:30 . 2009-12-31 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-31 14:30 . 2009-12-31 14:30 -------- d-----w- c:\documents and settings\Nikola\Application Data\BitDefender
2009-12-31 14:30 . 2009-12-31 14:30 -------- d-----w- c:\program files\BitDefender
2009-12-31 14:29 . 2009-12-31 14:30 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-31 00:54 . 2009-12-31 00:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-30 23:58 . 2009-12-30 23:58 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 23:58 . 2009-12-30 23:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-12-29 22:21 . 2009-12-29 22:21 -------- d-----w- c:\documents and settings\Nikola\Application Data\Malwarebytes
2009-12-29 22:21 . 2009-12-31 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 22:21 . 2009-12-29 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 23:56 . 2009-12-28 23:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-28 20:09 . 2009-12-28 23:35 -------- d-----w- c:\program files\DrWeb
2009-12-27 02:51 . 2009-12-27 02:51 -------- d-----w- c:\program files\Enigma Software Group
2009-12-26 13:18 . 2009-12-27 00:26 52224 ----a-w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 13:18 . 2009-12-27 00:26 117760 ----a-w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 13:17 . 2009-12-26 13:17 -------- d-----w- c:\documents and settings\Nikola\Application Data\SUPERAntiSpyware.com
2009-12-23 21:27 . 2007-08-14 12:04 9216 ----a-w- c:\windows\system32\ffnd.exe
2009-12-23 21:22 . 2009-12-23 21:22 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\FreeFixer
2009-12-23 21:22 . 2009-12-23 21:22 -------- d-----w- c:\documents and settings\Nikola\Application Data\FreeFixer
2009-12-23 20:57 . 2009-12-23 20:57 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\VS Revo Group
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- c:\documents and settings\Nikola\Application Data\Uniblue
2009-12-23 19:10 . 2009-12-23 19:09 737280 ----a-w- c:\windows\iun6002.exe
2009-12-23 19:10 . 2009-12-23 19:12 -------- d-----w- c:\program files\Tweak-XP Pro 4
2009-12-19 18:37 . 2009-12-19 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-15 17:36 . 2009-12-15 17:36 -------- d-----w- c:\documents and settings\Nikola\Application Data\teamspeak2
2009-12-15 17:31 . 2009-12-23 19:03 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-07 17:49 . 2009-12-07 17:49 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-12-07 17:46 . 2009-12-07 17:46 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 14:09 . 2008-08-20 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-30 23:57 . 2009-12-30 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-30 17:39 . 2009-01-24 13:42 -------- d-----w- c:\program files\Astonsoft
2009-12-29 22:29 . 2009-05-20 19:13 -------- d-----w- c:\program files\Gigatron Konfygurator
2009-12-29 22:07 . 2008-08-28 21:18 -------- d-----w- c:\documents and settings\Nikola\Application Data\Skype
2009-12-29 22:06 . 2008-08-28 21:21 -------- d-----w- c:\documents and settings\Nikola\Application Data\skypePM
2009-12-26 23:44 . 2008-10-29 22:44 -------- d-----w- c:\documents and settings\Nikola\Application Data\MySQL
2009-12-26 13:17 . 2008-08-27 15:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 21:37 . 2009-07-04 15:13 -------- d-----w- c:\program files\MSECACHE
2009-12-23 20:54 . 2009-10-27 17:06 -------- d-----w- c:\documents and settings\Nikola\Application Data\VMware
2009-12-23 19:45 . 2008-08-20 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:07 . 2009-02-16 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-12-22 23:07 . 2009-02-16 23:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-12-19 18:38 . 2009-02-21 00:15 -------- d-----w- c:\documents and settings\Nikola\Application Data\EditPlus 3
2009-12-05 17:27 . 2008-08-22 17:12 -------- d-----w- c:\program files\phpDesigner 2008
2009-11-30 17:28 . 2008-08-21 13:13 -------- d-----w- c:\program files\Counter-Strike
2009-11-11 19:54 . 2009-11-08 14:55 -------- d-----w- c:\documents and settings\Nikola\Application Data\TortoiseSVN
2009-11-08 14:51 . 2009-11-08 14:51 -------- d-----w- c:\documents and settings\Nikola\Application Data\Subversion
2009-11-08 14:48 . 2009-11-08 14:48 -------- d-----w- c:\program files\TortoiseSVN
2009-11-08 14:48 . 2009-11-08 14:48 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-07 00:05 . 2009-11-04 19:19 1 ----a-w- c:\windows\system32\krx240.dat
2009-11-06 18:34 . 2009-11-06 18:34 -------- d-----w- c:\program files\Common Files\VMware
2009-11-05 19:56 . 2009-11-05 19:56 -------- d-----w- c:\program files\ShowMyPCService
2009-11-04 19:19 . 2009-11-04 19:19 -------- d-----w- c:\program files\Web Button Maker Deluxe
2009-10-19 17:59 . 2009-12-31 14:33 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-31_18.39.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-31 19:17 . 2009-12-31 19:17 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-12-04 1118144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 07:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 17:18 2323680 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Home Server Manager]
2008-11-07 08:42 542208 ----a-w- c:\program files\Nokia\Nokia Home Media Server\NHSM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-20 07:38 16384512 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-03 21:16 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-24 14:51 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ufad-ws60"=3 (0x3)
"TwonkyMedia"=3 (0x3)
"SQLWriter"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SandraAgentSrv"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"EventSystem"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\edgios.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\PES.2009.Full.Rib\\pes2009.exe"=
"e:\\PES.2009.Full.Rib\\Crack\\pes2009.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [8/24/2008 15:19 17952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 16:26 74480]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 18:46 152456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 16:27 7408]
S2 LogWatch;Event Log Watch;c:\ca_lic\LogWatNT.exe --> c:\ca_lic\LogWatNT.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 16:06 183880]
S3 atidgllk;atidgllk;\??\c:\docume~1\Nikola\LOCALS~1\Temp\~Af27855\Upgrade\atidgllk.sys --> c:\docume~1\Nikola\LOCALS~1\Temp\~Af27855\Upgrade\atidgllk.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 07:01 2799808]
S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {BA7082B7-451A-4B86-AEF3-A14A14441AEC} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\jt16ymu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 20:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2380)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-31 20:21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 19:21
ComboFix2.txt 2009-12-31 19:05
ComboFix3.txt 2009-12-31 18:40

Pre-Run: 18,507,767,808 bytes free
Post-Run: 18,357,886,976 bytes free

- - End Of File - - D10A3AB1224FBFDB3675EA1D3AB102C5
 

kristi1

Member number: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta



Re: Internet congestion - 31.12.2009 at 19:30 (174 months ago)
Start\ Run\ Combofix /Uninstall, OK, and wait for it to uninstall.

Happy New Year to you too, all the best.
 