
Can I get an HJT log checked?


zadrugarka
Mirko Marton
electronics technician, ED Sombor
Sombor

Can I get an HJT log checked? - 28.11.2009 at 14:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:08, on 28.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mirko\Desktop\Pomagajte...exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.burdafashion.com/en/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/....0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dl...ctivex/dlm-activex-2.2.5.3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1249243875515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...t/muweb_site.cab?1249244188765
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/...oad/nforce/NvidiaSmartScan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D424A2FA-69AA-4D9B-9FD1-18365B1BB9B9}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ?????? Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7851 bytes

Somborac
 
zadrugarka
Re: Can I get an HJT log checked? - 28.11.2009 at 15:08

I forgot to mention:
WXPPROSP with all the patches that Microsoft has "issued". Trend Micro Internet Security is a licensed copy. Malwarebytes finds nothing.
Somborac
 
Flo.Master
Beograd

Re: Can I get an HJT log checked? - 28.11.2009 at 16:15

Hello,

Your log is clean. Are you having any problems with the computer, or is this just a routine check?
 
magna86
Anti Malware Fighter

Re: Can I get an HJT log checked? - 28.11.2009 at 17:44

As @Flo.Master said... the HJT log is clean...
but if you want to, or think you should, go for an additional check...

Download the DDS program to your Desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click dds.scr to run it

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt
Save both reports to the Desktop.

Copy DDS.txt here for me
 
Flo.Master
Re: Can I get an HJT log checked? - 28.11.2009 at 21:26

If it is purely for the sake of checking, there is no need. It is unlikely that anything is hiding that well.
 
zadrugarka
Re: Can I get an HJT log checked? - 28.11.2009 at 21:38

DDS (Ver_09-11-24.02) - NTFSx86
Run by Mirko at 22:34:23,70 on sub 28.11.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1003 [GMT 1:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\Mirko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.burdafashion.com/en/index.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249243875515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249244188765
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {D424A2FA-69AA-4D9B-9FD1-18365B1BB9B9} = 212.200.191.166,212.200.190.166
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mirko\applic~1\mozilla\firefox\profiles\nu4w05da.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\mirko\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-11-12 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-2 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-2 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-11-12 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-11-12 648456]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-8-3 428160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-25 1684736]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\drivers\asrcddrv.sys --> c:\windows\system32\drivers\AsrCDDrv.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\mirko\locals~1\temp\aticdsdr.sys --> c:\docume~1\mirko\locals~1\temp\ATICDSDr.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 cxbu0wdm;SmartBoard XX44;c:\windows\system32\drivers\cxbu0wdm.sys [2009-6-24 114304]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-4-14 14336]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-9-9 55176]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-4-14 17920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-11-24 20:07:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-24 20:07:43 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-24 20:07:42 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-24 20:07:42 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-24 20:07:41 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-24 20:07:41 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-24 20:07:40 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-24 19:41:31 0 d-----w- c:\program files\SlySoft
2009-11-24 19:24:23 0 d-----w- c:\program files\Activision
2009-11-24 13:43:17 170736677 ----a-w- C:\ExpressionStudio_Trial_en.exe
2009-11-23 23:30:12 772329472 ----a-w- C:\VS2010B2EXP1.iso
2009-11-21 06:28:17 0 d-----w- c:\program files\PHP
2009-11-20 22:17:50 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-11-20 22:17:38 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-11-20 22:16:52 0 d-----w- c:\windows\system32\RsFx
2009-11-20 21:54:07 0 d-----w- c:\docume~1\alluse~1\applic~1\MySQL
2009-11-20 21:33:12 0 d-----w- c:\program files\IIS
2009-11-20 21:29:50 0 d-----w- c:\program files\MySQL
2009-11-20 21:29:28 0 d-----w- c:\program files\Microsoft SQL Server
2009-11-20 21:23:58 0 d-----w- c:\program files\Microsoft ASP.NET
2009-11-20 21:20:43 0 d-----w- C:\Inetpub
2009-11-19 20:01:11 0 d-----w- C:\OLIMPUS
2009-11-17 22:04:23 87608 ----a-w- c:\docume~1\mirko\applic~1\inst.exe
2009-11-17 22:04:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-17 22:04:23 47360 ----a-w- c:\docume~1\mirko\applic~1\pcouffin.sys
2009-11-17 22:04:13 0 d-----w- c:\program files\DVDFab 6
2009-11-17 18:25:26 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2009-11-15 15:15:18 12288 ----a-w- c:\windows\system32\ksolay.ax
2009-11-15 15:15:15 63696 ----a-w- c:\windows\system32\dxdllreg.exe
2009-11-15 15:15:14 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2009-11-15 14:44:58 0 d-----w- c:\program files\Managed DirectX (0901)
2009-11-14 21:32:24 0 d-----w- c:\program files\BOINC
2009-11-12 21:22:31 0 d-----w- c:\windows\system32\log
2009-11-12 20:58:54 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-12 20:58:54 52624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-12 20:58:54 142864 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-12 20:58:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-11-12 20:58:26 0 d-----w- c:\program files\Trend Micro
2009-11-12 20:56:31 0 d-----w- C:\TrendMicro
2009-11-12 17:49:40 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-12 17:49:40 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-10 22:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-10 22:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-09 17:12:56 0 d-----w- c:\documents and settings\mirko\SecurityScans
2009-11-09 17:05:37 0 d-----w- C:\Windows Live Mail
2009-11-09 17:01:15 0 d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-11-09 01:22:13 290816 ----a-w- c:\windows\vncutil.exe
2009-11-09 01:22:12 122880 ----a-w- c:\windows\RtkAudioService.exe
2009-11-09 01:22:11 0 d-----w- c:\program files\Realtek
2009-11-09 01:22:05 831488 ------r- c:\windows\RtlExUpd.dll
2009-11-09 01:10:07 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-11-09 01:10:07 5876 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-11-09 01:10:05 6789 ----a-w- c:\windows\system32\nvnrm.nvu
2009-11-09 01:10:05 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-11-09 01:04:06 0 d-----w- c:\program files\MSI
2009-11-08 20:40:35 10 ----a-w- c:\windows\WININIT.INI
2009-11-08 20:33:54 208896 ----a-w- c:\windows\system32\nvuide.exe
2009-11-08 20:33:54 1570 ------w- c:\windows\system32\nvide.nvu
2009-11-08 20:18:27 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-11-08 20:18:26 28160 ----a-w- c:\windows\system32\irmon.dll
2009-11-08 20:18:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2009-11-08 20:18:24 151552 ----a-w- c:\windows\system32\irftp.exe
2009-11-08 20:18:23 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-11-08 20:18:20 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2009-11-08 19:29:12 363008 ----a-w- c:\windows\system32\idecoiins.dll
2009-11-06 15:58:00 803584 ----a-w- c:\windows\boinc.scr
2009-11-05 18:48:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-04 22:57:25 0 d-----w- C:\MSI
2009-10-31 12:48:53 0 d-----w- C:\W7
2009-10-30 16:37:11 0 d-----w- c:\program files\Hard Disk Sentinel
2009-10-29 23:12:23 0 d-----w- C:\users
2009-10-29 22:42:18 0 d-----w- C:\S.T.A.L.K.E.R
2009-10-29 22:32:06 0 d-----w- C:\7

==================== Find3M ====================

2009-11-05 18:48:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 12:53:00 13440 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-08 13:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 13:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

============= FINISH: 22:34:52,31 ===============

Somborac
 
zadrugarka
Re: Can I get an HJT log checked? - 28.11.2009 at 21:40

The problem is this: ssl_error_ssl_disabled. When I try to install Firefox or Windows Live Messenger, it cannot sign in, while Windows Messenger can. Thank you for your time, but I still have the problem.
Somborac
 
zadrugarka
Re: Can I get an HJT log checked? - 28.11.2009 at 21:47

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7.5.2005 17:24:05
System Uptime: 28.11.2009 16:41:02 (6 hours ago)

Motherboard: ASRock | | G41M-VS
Processor: Intel Pentium III Xeon processor | CPUSocket | 2393/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 162,95 GiB free.
E: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
A4 TECH PC Camera H
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AnyDVD
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
BOINC
BS.Player PRO
Call of Duty Modern Warfare 2
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
DVDFab 6.2.0.5 (11/11/2009)
Far Cry
FastCGI x86
Google Chrome
Google Earth
Google SketchUp 7
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
IIS UrlScan Tool 2.0 (Uninstall)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
Junk Mail filter update
Malwarebytes' Anti-Malware
Managed DirectX (0901)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 1.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Platform Installer 2.0
MODEM Mobile Connection
Mozilla Firefox (3.5.5)
MSVCRT
MySQL Connector Net 5.2.5
MySQL Server 5.1
Nero 6 Ultra Edition
NVIDIA Drivers
Opera 10.10
PHP 5.2.11
Picasa 3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB970483)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Skype web features
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
System Requirements Lab
Trend Micro Internet Security
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB973687)
Web Deployment Tool
WebFldrs XP
Winamp
Windows 7 Upgrade Advisor
Windows Cache Extension 1.0 for PHP 5.2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live alatka za otpremanje
Windows Live Communications Platform
Windows Live Essentials
Windows Live Foto-galerija
Windows Live Messenger
Windows Live pomocnik za prijavljivanje
Windows Live Pošta
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Hotfix [See Q828026 for more information]
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
WinRAR archiver

==== Event Viewer Messages From Past Week ========

24.11.2009 21:44:53, error: SCardSvr [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.
24.11.2009 21:38:11, error: ialm [108] - The driver igxprd32 for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

==== End Of File ===========================

Somborac
 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: HJT log check, please (29.11.2009 at 07:14)
@zadrugarka

OK... as far as the logs go... there is a possibility that you have a new rootkit on the system.
So before we kill it, I would ask you to do the following:

Go to My Computer.
Select the Tools menu and click Folder Options.
Select View at the top.
In the Hidden files and folders group, select Show hidden files and folders.
Uncheck Hide file extensions for known types.
Uncheck Hide protected operating system files (recommended).
Yes... OK

Then upload this file for me:
c:\windows\system32\drivers\asrcddrv.sys

Note: Zip/RAR that file and put a password on it;
send me the password by private message.

Upload the file via http://depositfiles.com/en/ or http://rapidshare.com/ ... either one.

Send me the download link.

==============================================================

Open this page:
http://sites.google.com/site/s...ome/SysProt.zip?attredirects=0

Download SysProt AntiRootkit from that page by clicking "here".

Unpack the archive into a folder, then double-click to run the program and switch to the Log tab;
tick all eight items and click Create log.

After a while a prompt will appear in which you should select
Scan root drive only and click Start;
when the scan finishes, a notification will appear, which you close by clicking OK.

The report (log) will be saved in the same folder as the program itself.
Copy that log for me.

@Flo Master

In this line of work, ANYTHING is possible...
 
magna86
Re: HJT log check, please (01.12.2009 at 21:29)
@zadrugarka

Sorry if I seem to be pushing, but I would really like to get a copy of that file if that is somehow possible,
so that I can pass it on in case it really is some new malware.
Of course... after your upload, we delete that malware.

Note: if you want a quick way to get a copy of that file, do the following:

Quote:
Download the Catchme program from this link:
http://files.thespykiller.co.uk/catchme.exe.

Double-click catchme.exe to run it and switch to the Script tab.
Into the program's (white) window, copy the text found inside the code box:

Quote:
files:
c:\windows\system32\drivers\asrcddrv.sys

Click the Run button.
When the notification message appears, click OK.
When the process finishes, there will be a file catchme.zip on the Desktop.

Upload that zip for me via the links given above.

If you have already done something, please let me know, just so that I know.

Thanks


 
zadrugarka
Re: HJT log check, please (07.01.2010 at 17:48)
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F0504000
Module End: F051C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B50000
Module End: F7B52000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: F05C46B8
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: F05C4574
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey
Address: F05C4A52
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: F05C414C
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenKey
Address: F05C464E
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: F05C408C
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: F05C40F0
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryValueKey
Address: F05C476E
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: F05C472E
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey
Address: F05C48AE
Driver Base: F05BC000
Driver End: F05DD000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HOME-7BC2DFE7F3:1417
Remote Address: 199.93.48.126:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: HOME-7BC2DFE7F3:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-7BC2DFE7F3:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:12080
Remote Address: LOCALHOST:1416
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:1416
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:1241
Remote Address: LOCALHOST:1240
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:1240
Remote Address: LOCALHOST:1241
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:1235
Remote Address: LOCALHOST:1234
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:1234
Remote Address: LOCALHOST:1235
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME-7BC2DFE7F3:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-7BC2DFE7F3:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: HOME-7BC2DFE7F3:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HOME-7BC2DFE7F3:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-7BC2DFE7F3:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-7BC2DFE7F3:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HOME-7BC2DFE7F3:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HOME-7BC2DFE7F3:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HOME-7BC2DFE7F3:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: HOME-7BC2DFE7F3:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: HOME-7BC2DFE7F3:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\sa starog\Vladimir\My Documents\Nacrt žalbe u krikvicnom postupku.doc
Status: Hidden

Object: D:\sa starog\Vladimir\My Documents\odbrana\Nacrt žalbe u krikvicnom postupku.doc
Status: Hidden

Object: D:\sa starog\Vladimir\My Documents\odbrana\Nova završna rec.doc
Status: Hidden

Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{B4B6FD0E-0D9D-4547-B10A-C8164AFD7F5A}
Status: Access denied

Object: D:\System Volume Information\_restore{DE73EA2D-B245-4955-AB29-BED823F17781}
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Domacin.bmp
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{DE73EA2D-B245-4955-AB29-BED823F17781}
Status: Access denied


Somborac
 
comkm
Banjaluka, BiH

Member no.: 229943
Posts: 54
*.teol.net.

Re: HJT log check, please (10.01.2010 at 14:44)
An HJT log check, if possible

Kaspersky found about ten viruses and removed them successfully. Malwarebytes Anti-Malware likewise found assorted junk and cleaned it successfully, except for one item that it cannot remove right away; it says that will happen after a restart, but then it finds it again in the same place and everything is the same. I cannot start Safe Mode (the computer restarts), so I would like some help if possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:04, on 10.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\User\Desktop\bla bla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\Program Files\Realtek\Adpath\RTHDCPL.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 209.85.129.99 msnfix.changelog.fr
O1 - Hosts: 209.85.129.99 www.incodesolutions.com
O1 - Hosts: 209.85.129.99 virusinfo.prevx.com
O1 - Hosts: 209.85.129.99 download.bleepingcomputer.com
O1 - Hosts: 209.85.129.99 www.dazhizhu.cn
O1 - Hosts: 209.85.129.99 foro.noticias3d.com
O1 - Hosts: 209.85.129.99 www.spybotupdates.com
O1 - Hosts: 209.85.129.99 club.myce.com
O1 - Hosts: 209.85.129.99 www.nabble.com
O1 - Hosts: 209.85.129.99 lurker.clamav.net
O1 - Hosts: 209.85.129.99 lexikon.ikarus.at
O1 - Hosts: 209.85.129.99 research.sunbelt-software.com
O1 - Hosts: 209.85.129.99 www.virusdoctor.jp
O1 - Hosts: 209.85.129.99 www.elitepvpers.de
O1 - Hosts: 209.85.129.99 guru.avg.com
O1 - Hosts: 209.85.129.99 downloads.sophos.com
O1 - Hosts: 209.85.129.99 www.superuser.co.kr
O1 - Hosts: 209.85.129.99 ntfaq.co.kr
O1 - Hosts: 209.85.129.99 v.dreamwiz.com
O1 - Hosts: 209.85.129.99 cit.kookmin.ac.kr
O1 - Hosts: 209.85.129.99 forums.whatthetech.com
O1 - Hosts: 209.85.129.99 forum.hijackthis.de
O1 - Hosts: 209.85.129.99 avg.vo.llnwd.net
O1 - Hosts: 209.85.129.99 ftp.drweb.com
O1 - Hosts: 209.85.129.99 www.zonealarm.com
O1 - Hosts: 209.85.129.99 www.huaifai.go.th
O1 - Hosts: 209.85.129.99 www.mostz.com
O1 - Hosts: 209.85.129.99 www.krupunmai.com
O1 - Hosts: 209.85.129.99 www.cddchiangmai.net
O1 - Hosts: 209.85.129.99 forum.malekal.com
O1 - Hosts: 209.85.129.99 tech.pantip.com
O1 - Hosts: 209.85.129.99 sapcupgrades.com
O1 - Hosts: 209.85.129.99 www.elguruinformatico.com
O1 - Hosts: 209.85.129.99 www.247fixes.com
O1 - Hosts: 209.85.129.99 forum.sysinternals.com
O1 - Hosts: 209.85.129.99 forum.telecharger.01net.com
O1 - Hosts: 209.85.129.99 sophos.com
O1 - Hosts: 209.85.129.99 foros.softonic.com
O1 - Hosts: 209.85.129.99 avast-home.uptodown.com
O1 - Hosts: 209.85.129.99 dr-web-cureit.softonic.com
O1 - Hosts: 209.85.129.99 heavenward.ru
O1 - Hosts: 209.85.129.99 www.f-secure.com
O1 - Hosts: 209.85.129.99 www.chkrootkit.org
O1 - Hosts: 209.85.129.99 diamondcs.com.au
O1 - Hosts: 209.85.129.99 www.rootkit.nl
O1 - Hosts: 209.85.129.99 www.sysinternals.com
O1 - Hosts: 209.85.129.99 z-oleg.com
O1 - Hosts: 209.85.129.99 espanol.dir.groups.yahoo.com
O1 - Hosts: 209.85.129.99 ftp01net.telechargement.fr
O1 - Hosts: 209.85.129.99 www.castlecrops.com
O1 - Hosts: 209.85.129.99 www.misec.net
O1 - Hosts: 209.85.129.99 safecomputing.umn.edu
O1 - Hosts: 209.85.129.99 www.antirootkit.com
O1 - Hosts: 209.85.129.99 www.greatis.com
O1 - Hosts: 209.85.129.99 ar.answers.yahoo.com
O1 - Hosts: 209.85.129.99 www.elhacker.org
O1 - Hosts: 209.85.129.99 research.pandasecurity.com
O1 - Hosts: 209.85.129.99 www.rootkit.com
O1 - Hosts: 209.85.129.99 www.pctools.com
O1 - Hosts: 209.85.129.99 www.pcsupportadvisor.com
O1 - Hosts: 209.85.129.99 www.resplendence.com
O1 - Hosts: 209.85.129.99 www.personal.psu.edu
O1 - Hosts: 209.85.129.99 foro.ethek.com
O1 - Hosts: 209.85.129.99 foro.elhacker.net
O1 - Hosts: 209.85.129.99 download.zonealarm.com
O1 - Hosts: 209.85.129.99 spywarehammer.com
O1 - Hosts: 209.85.129.99 vil.nail.com
O1 - Hosts: 209.85.129.99 search.mcafee.com
O1 - Hosts: 209.85.129.99 wwww.mcafee.com
O1 - Hosts: 209.85.129.99 download.nai.com
O1 - Hosts: 209.85.129.99 wwww.experts-exchange.com
O1 - Hosts: 209.85.129.99 www.bakunos.com
O1 - Hosts: 209.85.129.99 www.darkclockers.com
O1 - Hosts: 209.85.129.99 www2.gmer.net
O1 - Hosts: 209.85.129.99 ariefew.com
O1 - Hosts: 209.85.129.99 www.emsisoft.com
O1 - Hosts: 209.85.129.99 www.Merijn.org
O1 - Hosts: 209.85.129.99 www.spywareinfo.com
O1 - Hosts: 209.85.129.99 www.spybot.info
O1 - Hosts: 209.85.129.99 www.viruslist.com
O1 - Hosts: 209.85.129.99 www.hijackthis.de
O1 - Hosts: 209.85.129.99 ftp.f-secure.com
O1 - Hosts: 209.85.129.99 forum.kaspersky.com
O1 - Hosts: 209.85.129.99 es.trendmicro-europe.com
O1 - Hosts: 209.85.129.99 www.hvaonline.net
O1 - Hosts: 209.85.129.99 majorgeeks.com
O1 - Hosts: 209.85.129.99 www.avp.com
O1 - Hosts: 209.85.129.99 www.virustotal.com
O1 - Hosts: 209.85.129.99 www.sophos.com
O1 - Hosts: 209.85.129.99 linhadefensiva.uol.com.br
O1 - Hosts: 209.85.129.99 cmmings.cn
O1 - Hosts: 209.85.129.99 www.sergiwa.com
O1 - Hosts: 209.85.129.99 www.el-hacker.com
O1 - Hosts: 209.85.129.99 dl2.agnitum.com
O1 - Hosts: 209.85.129.99 forum.smadav.net
O1 - Hosts: 209.85.129.99 www.avg-antivirus.net
O1 - Hosts: 209.85.129.99 www.kaspersky-labs.com
O1 - Hosts: 209.85.129.99 www.kaspersky.com
O1 - Hosts: 209.85.129.99 www.bleepingcomputer.com
O1 - Hosts: 209.85.129.99 www.free.grisoft.com
O1 - Hosts: 209.85.129.99 alerta-antivirus.inteco.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1263120940011
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1210A449-63BA-4E02-A39E-959A505160E8}: NameServer = 192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12572 bytes
 
serbian.boy
Novi Sad

Member no.: 204431
Posts: 37
*.adsl.verat.net.

Re: HJT log check, please (10.01.2010 at 17:46)
Tsk, where did all those hosts come from. :(
Don't touch anything on your own; wait until one of the experienced people here has looked at your log. You really do have problems.
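A triage sketch for the O1 section of the HijackThis log posted above, where the hosts file points many security-vendor and help-forum names at a single address. This is an added example, not part of any post in the thread; the function names, keyword list and threshold are assumptions, and the sample uses lines from that log plus one constructed entry.

```python
import re
from collections import defaultdict

# HijackThis reports each hosts-file override as "O1 - Hosts: <ip> <hostname>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Addresses that only block a name locally instead of sending it elsewhere.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumption: a small hand-picked keyword list; extend it for real triage.
SECURITY_HINTS = (
    "kaspersky", "sophos", "f-secure", "virustotal", "bleepingcomputer",
    "hijackthis", "mcafee", "trendmicro", "sysinternals", "gmer",
    "drweb", "zonealarm", "spybot", "rootkit",
)

# All lines are copied from the log in this thread except the 192.0.2.10
# entry, which is constructed for contrast.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe
O1 - Hosts: 209.85.129.99 download.bleepingcomputer.com
O1 - Hosts: 209.85.129.99 www.virustotal.com
O1 - Hosts: 209.85.129.99 www.kaspersky.com
O1 - Hosts: 209.85.129.99 forum.sysinternals.com
O1 - Hosts: 209.85.129.99 www.nabble.com
O1 - Hosts: 192.0.2.10 intranet.example
O4 - HKLM\\..\\Run: [ctfmon.exe] ctfmon.exe
"""


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every O1 line; other sections are skipped."""
    pairs = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if match:
            pairs.append((match.group(1), match.group(2).lower()))
    return pairs


def is_security_host(hostname):
    """True when the hostname contains one of the security-site keywords."""
    return any(hint in hostname for hint in SECURITY_HINTS)


def triage_hosts(log_text, bulk_threshold=3):
    """Group O1 entries by target address and flag groups that need a closer look."""
    by_ip = defaultdict(list)
    for ip, host in parse_o1(log_text):
        by_ip[ip].append(host)

    findings = []
    for ip, hosts in sorted(by_ip.items()):
        security_hosts = sorted(h for h in hosts if is_security_host(h))
        reasons = []
        if security_hosts:
            reasons.append("security/help sites overridden")
        if ip not in SINKHOLES and len(hosts) >= bulk_threshold:
            reasons.append("many names sent to one external address")
        findings.append({
            "ip": ip,
            "count": len(hosts),
            "security_hosts": security_hosts,
            "reasons": reasons,
            "suspicious": bool(reasons),
        })
    return findings


if __name__ == "__main__":
    for finding in triage_hosts(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f'{finding["ip"]:<16} {finding["count"]:>3} names  {verdict}')
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```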
 
magna86
Re: HJT log check, please (10.01.2010 at 18:31)
@comkm

So that the topics don't get mixed up, do the following:

* Open a new topic with a link to this topic.

* Read the top topic on how to use the Combofix program. Run it according to the instructions:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

Visit this page to find out how to temporarily turn off your antivirus program:
http://www.bleepingcomputer.com/forums/topic114351.html

* In the new topic, post the log you get from Combofix.
 