Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Savet za Hijack This log, šta brisati

[es] :: Zaštita :: Savet za Hijack This log, šta brisati
(Zaključana tema (lock), by Aleksandar Maletic)
Strane: 1 2

[ Pregleda: 8809 | Odgovora: 37 ] > FB > Twit

Postavi temu

Autor
Pretraga teme: Traži
Markiranje Štampanje RSS

stevka

Član broj: 96296
Poruke: 66
*.dynamic.isp.telekom.rs.



+1 Profil

icon Savet za Hijack This log, šta brisati08.11.2010. u 11:07 - pre 177 meseci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:52 PM, on 11/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nn\Desktop\stevka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/downloa...com/dl/yinst/yinst_current.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 4258 bytes
I najveci putevi pocinju prvim korakom !
 
0

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta


+16 Profil

icon Re: Savet za Hijack This log, šta brisati08.11.2010. u 18:39 - pre 177 meseci
Log je cist...
http://www.itfix.biz/images/Malware.JPG
 
0

igispasic
Igor Spasic
Beograd

Član broj: 54041
Poruke: 678
*.dynamic.sbb.rs.



+2 Profil

icon Re: Savet za Hijack This log, šta brisati14.11.2010. u 21:20 - pre 177 meseci
moze li pomoc, koristim win7 i od pre nekoliko dana mi javlja u poruci "nvsvc32.exe" u cemu je problem?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:15:46, on 14/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\nvsvc32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 7811 bytes
DM 500 HD
Sony KD-55XE7005
 
0

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta


+16 Profil

icon Re: Savet za Hijack This log, šta brisati15.11.2010. u 08:51 - pre 177 meseci
Igore...imenjace...i tvoj log je cist.

Reinstaliraj ili update-uj drajvere od graficke. To bi trebalo resiti problem.
http://www.itfix.biz/images/Malware.JPG
 
0

NikolaPlavsic
Student

Član broj: 273280
Poruke: 16
*.dynamic.isp.telekom.rs.



Profil

icon Re: Savet za Hijack This log, šta brisati19.11.2010. u 18:50 - pre 177 meseci
Greška, log nije čist. Korisnik je inficiran trojancem.

nvsvc32.exe MORA da se nalazi u C:\Windows\system32, što u ovom slučaju nije! U pitanju je trojanac koji se krije u C:\Windows\nvsvc32.exe!

• Pokreni HijackThis i klikni na "Do a system scan only".
• Obeleži sledeće redove ispred kukicom :

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe

• Klikni na dugme "Fix Checked" i zatvori HijackThis.

1. Skini OTM by OldTimer na svoj desktop sa linka ovde
2. Pokreni ga i u polje "Paste instructions for items to be Moved" kopiraj sledeće:

Citat:
:files
C:\Windows\nvsvc32.exe

[emptytemp]
[purity]


3. Klikni na dugme Move It, a zatim na Clean Up. Ako bude tražio da se računar restartuje, molim te uradi to.

Pozdrav ;)
Computer, Technology & Malware Removal
 
0

akiko1
Damir Jusic
Tuzla

Član broj: 90256
Poruke: 183
109.175.50.*



+3 Profil

icon Re: Savet za Hijack This log, šta brisati27.11.2010. u 17:46 - pre 176 meseci
Pozdrav svima,
Da ne bih otvarao novu temu odlucio sam evo ovdje da potrazim pomoc.

Koristim WIN 7 i od prije mjesec dana rad compa je drasticno usporen. Sistem se sporije dize nego inace, ali glavni problem je kada pokusam da se konektujem na net. U tom trenutku procesor sa nekih 40% ode u 100% zauzetosti i tu ostane par minuta, tako da je pokretanje bilo cega veoma sporo (cak i muzika na winampu u tom trenu trza).

Evo saljem HijackThis log. Nadam se da ce biti od pomoci!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:47, on 27.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\harAKIri\Desktop\ESThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CA4998-AA91-4BBF-BE34-AF5A4769E906}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 5074 bytes
Zena MOZE biti i sa sela, ali auto MORA biti iz Njemacke!
 
0

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta


+16 Profil

icon Re: Savet za Hijack This log, šta brisati28.11.2010. u 13:55 - pre 176 meseci
Idemo "dublje" ako zelis tako sto ces preuzeti DDS Program na Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Dvoklikom pokreni dds i kad zavrsi, DDS ce otvoriti dva loga:
1. DDS.txt
2. Attach.txt
Oba izvestaja sacuvaj na Desktop.
Kopiraj mi DDS.txt
http://www.itfix.biz/images/Malware.JPG
 
0

akiko1
Damir Jusic
Tuzla

Član broj: 90256
Poruke: 183
109.175.50.*



+3 Profil

icon Re: Savet za Hijack This log, šta brisati28.11.2010. u 23:22 - pre 176 meseci
DDS (Ver_10-11-27.01) - NTFSx86
Run by harAKIri at 0:17:32,42 on pon 29.11.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.1024.585 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\harAKIri\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\server~1.lnk - c:\program files\technisat dvb\bin\Server4PC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {87CA4998-AA91-4BBF-BE34-AF5A4769E906} = 195.222.32.10 195.222.32.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\harakiri\appdata\roaming\mozilla\firefox\profiles\uqln6bt9.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\harakiri\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\harakiri\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\harakiri\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\harakiri\appdata\roaming\mozilla\firefox\profiles\uqln6bt9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-4 304464]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-4 20952]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2010-1-10 507408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S4 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]

=============== Created Last 30 ================

2010-11-28 22:32:40 15256 ----a-w- c:\users\harakiri\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-28 16:58:52 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{95663f62-1288-4c1c-a8a0-3a61b5a4b8d4}\mpengine.dll
2010-11-28 15:22:02 -------- d-----w- c:\program files\Best Spyware Scanner
2010-11-28 14:29:09 -------- d-----w- c:\program files\CCleaner
2010-11-27 14:46:24 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-27 14:32:45 98816 ----a-w- c:\windows\sed.exe
2010-11-27 14:32:45 89088 ----a-w- c:\windows\MBR.exe
2010-11-27 14:32:45 256512 ----a-w- c:\windows\PEV.exe
2010-11-27 14:32:45 161792 ----a-w- c:\windows\SWREG.exe
2010-11-27 10:11:21 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-11-26 15:49:47 -------- d-----w- c:\program files\Loaris
2010-11-15 00:13:04 -------- d-----w- c:\windows\sr-Latn-CS
2010-11-15 00:12:59 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-11-15 00:12:58 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-11-14 23:35:19 -------- d-----w- c:\windows\hr-HR
2010-11-14 23:35:18 -------- d-----w- c:\windows\system32\drivers\hr-HR
2010-11-14 23:35:12 -------- d-----w- c:\windows\system32\wbem\hr-HR
2010-11-14 17:50:20 293376 ----a-w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 0:19:22,47 ===============
Zena MOZE biti i sa sela, ali auto MORA biti iz Njemacke!
 
0

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta


+16 Profil

icon Re: Savet za Hijack This log, šta brisati30.11.2010. u 11:24 - pre 176 meseci
Pokretao si ComboFix ...
Uz poruku mi prikaci njegov log nalazi se na C particiji:
http://www.itfix.biz/images/Malware.JPG
 
0

akiko1
Damir Jusic
Tuzla

Član broj: 90256
Poruke: 183
109.175.61.*



+3 Profil

icon Re: Savet za Hijack This log, šta brisati01.12.2010. u 23:12 - pre 176 meseci
I izbrisao prije nego sam procitao tvoju zadnju poruku. Zatim sam ga pokusao opet skinuti i pokrenuti, ali nije uspjevalo jer pokrene se i izgasi odmah. Onda od muke formatirao disk i evo sad je sve OK!
Hvalla ti na pomoci u svakom slucaju.
Lijep pozdrav!
Zena MOZE biti i sa sela, ali auto MORA biti iz Njemacke!
 
0

vlada98
vladimir vujosevic
Beograd,Srbija

Član broj: 288009
Poruke: 1
*.adsl-a-1.sezampro.rs.



Profil

icon Re: Savet za Hijack This log, šta brisati19.07.2011. u 08:10 - pre 169 meseci
moze li pomoc, koristim win7 i od pre nekoliko dana mi javlja u poruci "nvsvc32.exe" u cemu je problem?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:03:13, on 19.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\vujosevic1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vujosevic1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vujosevic1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 1390 bytes
 
0

Vodomar

Član broj: 145510
Poruke: 288



+37 Profil

icon Re: Savet za Hijack This log, šta brisati19.07.2011. u 12:31 - pre 169 meseci
po ovome koristiš xp a fajl je od graficke pokusaj reinstalaciju ponovo downloaduj drajver sa nvidijinog sajta

http://software.benchmark.rs/h...ja_drajvera_za_grafichke_karte
If you didn't go looking for it, don't install it. If you do install it, make sure you update it. And if
you no longer need it, remove it.
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Savet za Hijack This log, šta brisati19.07.2011. u 17:30 - pre 169 meseci
HijackThis se poodavno ne koristi za analizu sistema na malware jer ne vidi nista.

primer:

Avast instalira nekoliko drajvera i servisa. HJT je prikazao samo jedan service, gde su drajveri u kernel modu?
Sta je sa startup-om.

Shvatas o cemu pricam.

Drugo, trazio si pomoc u temi koja nema veze sa tvojim slucajem, ajde ok, ali da si samo iole pogledao temu iznad video bi sta je @magna86 trazio korisniku posle HJT-a (nije ga ni pogledao) iz razloga koji sam vec naveo.

Citat:
moze li pomoc, koristim win7 i od pre nekoliko dana mi javlja u poruci "nvsvc32.exe" u cemu je problem?



Da li je ovo opis problema ili mozda mi imamo carobnu kuglu pa vidimo sta se dogadja na tvom "Win7" sistemu.
 
0

hejejj

Član broj: 263889
Poruke: 246
*.crnagora.net.



+6 Profil

icon Re: Savet za Hijack This log, šta brisati20.07.2011. u 03:28 - pre 169 meseci
i meni cudno radi windows jel neko prmjecuje nesto sumnjivo ovamo?
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.381.1033.18.4095.1969 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Facebook Update] "C:\Users\laki\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\laki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-Explorer: NoClose = dword:1
mPolicies-Explorer: NoLogoff = dword:1
mPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: DisableChangePassword = dword:1
mPolicies-System: DisableLockWorkstation = dword:1
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E400C0B0-5D13-4C50-8A74-B27B4BF6E923} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\laki\AppData\Roaming\Mozilla\Firefox\Profiles\gaq3idqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Users\laki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\laki\AppData\Roaming\Mozilla\Firefox\Profiles\gaq3idqz.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
FF - plugin: C:\Users\laki\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\laki\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-15 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-16 2214504]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-16 25912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-6-16 174184]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-28 1255736]
.
=============== Created Last 30 ================
.
2011-07-19 17:51:40 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A123CCF-F7E1-461F-B635-D86BFBCCE063}\mpengine.dll
2011-07-18 16:54:16 -------- d-----w- C:\Users\laki\AppData\Local\SKIDROW
2011-07-18 16:33:57 -------- d-----w- C:\Program Files (x86)\Valve
2011-07-17 19:12:52 197728 ----a-w- C:\Windows\WinVd32.sys
2011-07-17 19:12:49 7680 ----a-w- C:\Windows\SysWow64\WinFLsrv.exe
2011-07-17 19:12:46 -------- d-----w- C:\Program Files (x86)\Folder Lock 6
2011-07-14 00:28:09 -------- d-----w- C:\Program Files\Speccy
2011-07-13 16:43:51 -------- d-----w- C:\Users\laki\AppData\Local\{91BA557B-1CBD-41A9-B170-3511B240FC28}
2011-07-12 16:07:13 -------- d-----w- C:\Users\laki\AppData\Local\{6F42191F-1BAE-47E4-94B5-B486C37B43B3}
2011-07-11 17:05:19 -------- d-----w- C:\Users\laki\AppData\Local\{1B8755D5-4592-4FB7-A35C-DCDE6B790259}
2011-07-11 05:16:28 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-07-11 05:16:28 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-07-11 05:13:23 -------- d-----w- C:\Users\laki\AppData\Roaming\FLV Extract
2011-07-11 05:04:55 -------- d-----w- C:\Users\laki\AppData\Local\{767E6407-6358-430F-BEAF-ED478DD43682}
2011-07-11 04:58:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\26da4f2d1cc3f870c\DSETUP.dll
2011-07-11 04:58:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\26da4f2d1cc3f870c\DXSETUP.exe
2011-07-11 04:58:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\26da4f2d1cc3f870c\dsetup32.dll
2011-07-11 04:58:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\222adfed1cc3f870b\DSETUP.dll
2011-07-11 04:58:12 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\222adfed1cc3f870b\DXSETUP.exe
2011-07-11 04:58:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\222adfed1cc3f870b\dsetup32.dll
2011-07-11 04:56:29 -------- d-----w- C:\Users\laki\AppData\Local\Windows Live
2011-07-11 04:56:28 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-11 01:39:31 -------- d-----w- C:\Program Files (x86)\FreeTime
2011-07-11 01:30:27 -------- d-----w- C:\Program Files\Avidemux 2.5
2011-07-11 01:27:15 -------- d-----w- C:\Users\laki\AppData\Roaming\Boilsoft
2011-07-11 01:17:04 -------- d-----w- C:\Users\laki\AppData\Roaming\avidemux
2011-07-10 20:07:29 -------- d-----w- C:\Users\laki\AppData\Roaming\ThemeManager
2011-07-10 16:24:37 147856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2011-07-10 16:24:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-10 16:24:10 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-07-10 00:06:08 -------- d-----w- C:\Users\laki\Screenshots
2011-07-10 00:05:05 -------- d-----w- C:\Users\laki\AppData\Local\ScreenCapture
2011-07-10 00:05:03 -------- d-----w- C:\Program Files (x86)\Screen Capturer
2011-07-10 00:04:46 -------- d-----w- C:\ProgramData\ScreenCapture
2011-07-09 17:04:11 -------- d-----w- C:\Windows\PixArt
2011-07-06 21:10:51 -------- d-----w- C:\Users\laki\AppData\Local\Facebook
2011-07-06 02:23:41 -------- d-----w- C:\Users\laki\AppData\Roaming\qualys
2011-07-06 00:21:51 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-07-06 00:21:50 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-07-06 00:21:50 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-07-06 00:21:49 95080 ----a-w- C:\Windows\UXThemePatcher.exe
2011-07-04 20:02:35 -------- d-----w- C:\Users\laki\AppData\Roaming\picpick
2011-07-02 15:23:06 -------- d-----w- C:\Users\laki\AppData\Roaming\LibreOffice
2011-07-02 15:22:41 -------- d-----w- C:\Windows\ShellNew
2011-07-02 15:22:16 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.4
2011-07-02 06:23:47 -------- d-----w- C:\ProgramData\Caphyon
2011-07-02 06:23:46 -------- d-----w- C:\Users\laki\AppData\Local\Martview
2011-07-02 06:16:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-02 06:13:41 -------- d-----w- C:\Users\laki\Calibre biblioteka
2011-07-02 06:13:40 -------- d-----w- C:\Users\laki\AppData\Roaming\calibre
2011-07-02 06:13:33 -------- d-----w- C:\Program Files (x86)\Calibre2
2011-07-02 02:41:51 -------- d-----w- C:\Users\laki\AppData\Roaming\Mp3tag
2011-07-02 01:30:24 -------- d-----w- C:\Program Files (x86)\Mp3tag
2011-06-30 20:51:22 -------- d-----w- C:\Program Files (x86)\DtsFilter
2011-06-30 01:40:01 -------- d-----w- C:\Users\laki\AppData\Roaming\PeaZip
2011-06-30 01:39:33 -------- d-----w- C:\Program Files\PeaZip
2011-06-29 21:25:21 -------- d-----w- C:\icons
2011-06-29 21:09:53 -------- d-----w- C:\Program Files (x86)\RocketDock
2011-06-28 20:34:22 -------- d-----w- C:\Users\laki\AppData\Local\Adobe
2011-06-21 14:39:38 712976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
.
==================== Find3M ====================
.
2011-07-06 17:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-06 02:24:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 00:21:51 2851840 ----a-w- C:\Windows\System32\themeui.dll
2011-07-06 00:21:50 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-07-06 00:21:50 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-31 16:45:26 1404928 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-05-31 15:21:28 2886888 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-05-31 14:38:54 91240 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-05-31 08:09:30 3114088 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-05-31 07:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2011-05-31 07:42:06 712296 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll
2011-05-31 07:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2011-05-31 07:42:06 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2011-05-31 07:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2011-05-31 07:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2011-05-31 07:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2011-05-31 07:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2011-05-31 07:42:06 241768 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll
2011-05-31 07:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2011-05-31 07:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2011-05-31 07:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
2011-05-27 15:58:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 13:01:12 1559656 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-23 15:12:36 1245288 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-05-20 08:44:02 2405992 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-05-05 13:24:02 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-05-05 12:15:00 220512 ----a-w- C:\Windows\System32\SFNHK64.dll
2011-05-05 12:14:56 78176 ----a-w- C:\Windows\System32\SFAPO64.dll
2011-05-05 12:14:52 81248 ----a-w- C:\Windows\System32\SFCOM64.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 12:27:56 118104 ----a-w- C:\Windows\System32\R4EEA64A.dll
2011-05-02 12:27:54 74072 ----a-w- C:\Windows\System32\R4EEG64A.dll
2011-05-02 12:27:54 426328 ----a-w- C:\Windows\System32\R4EED64A.dll
2011-05-02 12:27:54 3308376 ----a-w- C:\Windows\System32\R4EEP64A.dll
2011-05-02 12:27:54 136024 ----a-w- C:\Windows\System32\R4EEL64A.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-24 21:14:48 234896 ----a-w- C:\Windows\System32\klogon.dll
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
 
0

bojan_bozovic

Član broj: 29028
Poruke: 3292
*.dynamic.sbb.rs.

Sajt: angelstudio.org


+392 Profil

icon Re: Savet za Hijack This log, šta brisati20.07.2011. u 04:50 - pre 169 meseci
Code:
mPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: DisableChangePassword = dword:1


Mora da imaš neki virus. Na tvom mestu napravio bih backup i uradio bih clean install, jer HijackThis ne može da ukaže na sve što je promenjeno u registry (čak i Run ključevi, ne ispisuje ih sve!)

Poz.
 
0

hejejj

Član broj: 263889
Poruke: 246
*.opera-mini.net.



+6 Profil

icon Re: Savet za Hijack This log, šta brisati22.07.2011. u 01:19 - pre 168 meseci
Pa je li to samo tvoja pretpostavka ili je sigurno da imam virus? I kakav bi to virus mogao da bude a i cudno mi je da antivirus nista ne nalazi :/
 
0

bojan_bozovic

Član broj: 29028
Poruke: 3292
*.dynamic.sbb.rs.

Sajt: angelstudio.org


+392 Profil

icon Re: Savet za Hijack This log, šta brisati22.07.2011. u 06:12 - pre 168 meseci
Sigurno je da imaš kad je task manager onesposobljen, i onemogućeno menjanje lozinke! Ili si to ti uradio sam u Local Group Policy editoru (gpedit.msc) ili je to uradio malware.

Ne nagadjam, znači, jeste. A što se AV tiče, i nesposobnosti da otkriju malware, to nek te ne čudi. "XP Black edition" i slični dolazili su puni malwarea i sa instaliranim AV programom koji ništa nije upozoravao. :)
 
0

valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator
Član broj: 158605
Poruke: 3531
*.dynamic.sbb.rs.



+553 Profil

icon Re: Savet za Hijack This log, šta brisati22.07.2011. u 08:08 - pre 168 meseci
Imas gomilu kojekakvih utilityja instalirano, vecinu u proteklih mesec dana. Neki od njih su stalno aktivni, pa obrati paznju koliko trose RAM-a i CPU, a za one ostale, ako nisu freeware, a nisi ih platio, dobro proveri "registraciju" koju si koristio (preporucujem http://www.virustotal.com). Postoji mogucnost i da je neki od njih menjao sistemske fajlove, bacio sam pogled na par komada da vidim cemu sluze, i neki od njih bi mogli biti potencijalni kandidati za brljanje po sistemu.

Sto se tice toga da AV nista ne detektuje, jedan AV nikad nije dovoljan da sa sigurnoscu znas da li nesto jeste ili nije virus. Danas kada se malware broji u milionima razlicitih vrsta, nerealno je ocekivati da ce neki AV softver moci da prepozna bas svaki primerak. Znaci, ako AV tvrdi da nemas virusa, ne znaci da je to 100% tacno, a isto tako i ako tvrdi da je neki fajl zarazen, opet ne mora biti 100% sigurno da je bas tako. Najgore je kad mislis da je sasvim dovoljno da instaliras AV i da onda mozes da radis sta hoces i kako hoces, a u stvari bezbednost zavisi od tebe samog.

E sad, ako si vec postavio pitanje na ovom forumu, znaci da i ti sam sumnjas da ti je racunar zarazen, i ako ti jos neko to potvrdi, cemu onda tolika sumnja? Uzmi, brate pa skeniraj jos necim, imas i online AV skenera koje ni ne moras instalirati, imas i LiveCD skenera koje takodje ne moras instalirati, imas i specijalizovanih skenera koje samo pokrenes na zarazenom sistemu, pa oni uklone one gadnije napasti, a onda tvoj redovan AV moze da se pozabavi sa onim preostalim bezazelnijim... Mislim, instalirao si toliki broj kojekakvih kojestarija, a mrsko ti je da poteras jos jedan AV kad ti to neko zatrazi?
 
0

hejejj

Član broj: 263889
Poruke: 246
*.opera-mini.net.



+6 Profil

icon Re: Savet za Hijack This log, šta brisati22.07.2011. u 15:46 - pre 168 meseci
Pa jesam se bavio nekim passwordima nemam pojma sta sam tu radio a kad udjem u local grups ne mogu da mu pristupim jer koristim home premium...e vala ne znam bas nesto o tim racunarima tako da valjda sad pisem nesto sto nema veze sa tim sto kazete...ukoliko imam virus onda je on dasao sa windowsom
 
0

Vodomar

Član broj: 145510
Poruke: 288



+37 Profil

icon Re: Savet za Hijack This log, šta brisati22.07.2011. u 17:18 - pre 168 meseci
Nisu problem lozinke već programčići koji su bili u torrentu a služe da naprave lozinku ili da se dodaju u regularni programski folder.Prvo deinstaliraj sve sto si nakrcao a onda iskeniraj sistem sa malwarebytsom i sa http://www.surfright.nl/en/hitmanpro i ovaj je dobar
http://www.eset.com/us/online-scanner (ovo mozes i skinuti pa updateovati)
Obavezno isključi KAV tokom skeniranja.

[Ovu poruku je menjao Vodomar dana 22.07.2011. u 18:31 GMT+1]
If you didn't go looking for it, don't install it. If you do install it, make sure you update it. And if
you no longer need it, remove it.
 
0

[es] :: Zaštita :: Savet za Hijack This log, šta brisati
(Zaključana tema (lock), by Aleksandar Maletic)
Strane: 1 2

[ Pregleda: 8809 | Odgovora: 37 ] > FB > Twit

Postavi temu

Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.