13.08.2009., 11:25 | #2
Never Registered User
Registration date: Jun 2008
Location: -
Posts: 92
I wasn't able to send the attachments, so here they are:
HijackLog:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:12, on 12.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\MAGIX\Xtreme_Photo_Designer_6\XPD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7476 bytes
Avira AntiVir Premium Scan:
Code:
Avira AntiVir Premium
Report file date: 9. kolovoz 2009 00:28
Scanning for 1618860 virus strains and unwanted programs.
Licensee : Sascha Lukas
Serial number : 1101039552-PEPWE-0001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : RL
Version information:
BUILD.DAT : 9.0.0.446 21381 Bytes 29.7.2009 10:09:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7.8.2009 09:45:11
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.6.2009 07:27:04
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 3.8.2009 09:45:11
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 7.8.2009 18:53:49
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.4.2009 15:21:12
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 7.8.2009 09:45:11
AESCN.DLL : 8.1.2.4 127348 Bytes 23.7.2009 05:49:51
AERDL.DLL : 8.1.2.4 430452 Bytes 15.7.2009 05:01:31
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.5.2009 17:29:33
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17.6.2009 19:43:55
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 8.8.2009 18:53:51
AEHELP.DLL : 8.1.5.3 233846 Bytes 23.7.2009 05:49:51
AEGEN.DLL : 8.1.1.55 356723 Bytes 7.8.2009 09:45:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 9.10.2008 12:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.7.2009 05:49:50
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5.12.2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 08:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 27.4.2009 15:21:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 08:32:10
RCIMAGE.DLL : 9.0.0.28 2623745 Bytes 9.6.2009 16:55:27
RCTEXT.DLL : 9.0.37.0 90369 Bytes 27.4.2009 15:21:37
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 9. kolovoz 2009 00:28
Starting search for hidden objects.
'32821' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'DynamicPhoto.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LFService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\' <Windows i instalacije>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\Lock Folder XP\LF30.exe
[DETECTION] Is the TR/Agent.498996.A Trojan
C:\Program Files\Lock Folder XP\Lock Folder Xp 3.6.exe
[DETECTION] Is the TR/Agent.566801 Trojan
C:\System Volume Information\_restore{462EA133-78F3-44C4-9279-A2CA718A8303}\RP152\A0025473.exe
[DETECTION] Is the TR/Agent.566801 Trojan
Begin scan in 'D:\' <Sigurna particija>
D:\SETAPI\LockFolder\Lock Folder XP 3.7.7\Patch\Lock Folder Xp 3.6.exe
[DETECTION] Is the TR/Agent.566801 Trojan
D:\SETAPI\Windows.Genuine.Advantage.Validation.v1.9.0040.0\Windows.Genuine.Advantage.Validation.v1.9.0040.0\WgaTray.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> ali.exe
[DETECTION] Is the TR/Angel.F Trojan
D:\SETAPI\Windows.Genuine.Advantage.Validation.v1.9.0040.0\Windows.Genuine.Advantage.Validation.v1.9.0040.0\WgaTray.exe.bak
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> ali.exe
[DETECTION] Is the TR/Angel.F Trojan
Beginning disinfection:
C:\Program Files\Lock Folder XP\LF30.exe
[DETECTION] Is the TR/Agent.498996.A Trojan
[NOTE] The file was moved to '4ab1020c.qua'!
C:\Program Files\Lock Folder XP\Lock Folder Xp 3.6.exe
[DETECTION] Is the TR/Agent.566801 Trojan
[NOTE] The file was moved to '4ae10235.qua'!
C:\System Volume Information\_restore{462EA133-78F3-44C4-9279-A2CA718A8303}\RP152\A0025473.exe
[DETECTION] Is the TR/Agent.566801 Trojan
[NOTE] The file was moved to '4aae01f6.qua'!
D:\SETAPI\LockFolder\Lock Folder XP 3.7.7\Patch\Lock Folder Xp 3.6.exe
[DETECTION] Is the TR/Agent.566801 Trojan
[NOTE] The file was moved to '4b999996.qua'!
D:\SETAPI\Windows.Genuine.Advantage.Validation.v1.9.0040.0\Windows.Genuine.Advantage.Validation.v1.9.0040.0\WgaTray.exe
[NOTE] The file was moved to '4adf022d.qua'!
D:\SETAPI\Windows.Genuine.Advantage.Validation.v1.9.0040.0\Windows.Genuine.Advantage.Validation.v1.9.0040.0\WgaTray.exe.bak
[NOTE] The file was moved to '4ba3b8ee.qua'!
End of the scan: 9. kolovoz 2009 00:52
Used time: 24:38 Minute(s)
The scan has been done completely.
5802 Scanned directories
341821 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
341814 Files not concerned
1508 Archives were scanned
1 Warnings
7 Notes
32821 Objects were scanned with rootkit scan
0 Hidden objects were found