[ izida @ 26.10.2008. 19:22 ] @
AVG found some trojan on my machine that I thought AVG had deleted; however, my computer has been quite slow since then, so I think it is still lingering somewhere. I tried Spybot - Search & Destroy and Ad-Aware, but nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:56 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [USDownloader] "C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Rar$EX00.140\USDownloader.exe"
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1216676928792
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ES...nstall-6u7-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F834D4D-C7B6-497D-BF0A-CC81B066CAAD}: NameServer = 93.93.93.2,194.106.162.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6825 bytes
[ kristi1 @ 26.10.2008. 19:32 ] @
Nothing shows up in the log, but download http://www.malwarebytes.org/mbam.php and scan with it; if it is some Vundo, Malwarebytes will clean it.
[ izida @ 26.10.2008. 23:09 ] @
It didn't find anything... the computer is still slow, especially when I'm online...
[ magna86 @ 27.10.2008. 06:16 ] @
For a start, rename the HijackThis folder as well as its setup to anything else..
for example ..change everything to elite.exe

maybe something is hiding...

so it should look something like this

Code:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Code:
C:\Program Files\elite.exe\elite.exe\elite.exe


but before that!!!

download this program
http://www.gmer.net/gmer.zip

run the program (setup)
select the Rootkit/Malware tab at the top.
then click Scan; when the scan is finished, click the Copy button below
and immediately paste its log here for us
*as well as a fresh HJT log (following the instructions above)

good luck

[This message was edited by magna86 on 27.10.2008. at 08:25 GMT+1]
[ izida @ 27.10.2008. 14:27 ] @
I hope I did it right

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:18 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Rar$EX00.781\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\232.exe\232.exe\232.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [USDownloader] "C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Rar$EX00.140\USDownloader.exe"
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1216676928792
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ES...nstall-6u7-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F834D4D-C7B6-497D-BF0A-CC81B066CAAD}: NameServer = 93.93.93.2,194.106.162.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6942 bytes



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-27 15:27:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spri.sys ZwCreateKey [0xF740F0E0]
SSDT spri.sys ZwEnumerateKey [0xF742DCA2]
SSDT spri.sys ZwEnumerateValueKey [0xF742E030]
SSDT spri.sys ZwOpenKey [0xF740F0C0]
SSDT spri.sys ZwQueryKey [0xF742E108]
SSDT spri.sys ZwQueryValueKey [0xF742DF88]
SSDT spri.sys ZwSetValueKey [0xF742E19A]

INT 0x73 ? 86FD6BF8
INT 0x73 ? 86FD6BF8
INT 0x73 ? 86FD6BF8
INT 0x74 ? 86AEEBF8
INT 0x94 ? 86AEEBF8
INT 0xA4 ? 86AEEBF8
INT 0xB4 ? 86FD6BF8
INT 0xB4 ? 86FD6BF8
INT 0xB4 ? 86FD6BF8
INT 0xB4 ? 86FD6BF8
INT 0xB4 ? 86AEEBF8
INT 0xB4 ? 86FD6BF8

---- Kernel code sections - GMER 1.0.14 ----

? spri.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6BD68AC 5 Bytes JMP 86AEE1D8

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD92D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7440C4C] spri.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7440CA0] spri.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7410040] spri.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741013C] spri.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74100BE] spri.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74107FC] spri.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74106D2] spri.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86AEE2D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7420048] spri.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86FD51F8
Device \FileSystem\Fastfat \FatCdrom 8677B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8F834D4D-C7B6-497D-BF0A-CC81B066CAAD} 8672C500
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 86AEC500
Device \Driver\usbuhci \Device\USBPDO-1 86AEC500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F681F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F681F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F681F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F681F8
Device \Driver\usbehci \Device\USBPDO-2 86AE13D8
Device \Driver\usbuhci \Device\USBPDO-3 86AEC500
Device \Driver\usbuhci \Device\USBPDO-4 86AEC500
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 86AEC500
Device \Driver\usbehci \Device\USBPDO-6 86AE13D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD71F8
Device \Driver\Cdrom \Device\CdRom0 86AAB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EFEA9586-F3A3-4012-A1E9-F52E43B500F5} 8672C500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8672C500
Device \Driver\NetBT \Device\NetbiosSmb 8672C500
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 86AEC500
Device \Driver\usbuhci \Device\USBFDO-1 86AEC500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8600C1F8
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbehci \Device\USBFDO-2 86AE13D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8600C1F8
Device \Driver\usbuhci \Device\USBFDO-3 86AEC500
Device \Driver\usbuhci \Device\USBFDO-4 86AEC500
Device \Driver\Ftdisk \Device\FtControl 86FD71F8
Device \Driver\usbuhci \Device\USBFDO-5 86AEC500
Device \Driver\usbehci \Device\USBFDO-6 86AE13D8
Device \FileSystem\Fastfat \Fat 8677B500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86DDB500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBE 0xFC 0x11 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x40 0xF9 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0xBE 0x20 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0xB3 0xA6 0xE3 ...

---- EOF - GMER 1.0.14 ----
[ kristi1 @ 27.10.2008. 14:45 ] @
Most likely GoogleUpdate.exe is what's bothering you.
Open Task Manager and stop that process, then find this path in the registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
In the right pane find GoogleUpdate.exe, right-click it and choose Delete.
Then find the file C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe and delete it (shift+del)
The file is hidden.

One more thing: see those O4 lines in the HJT log? Those are all programs that start when you start Windows. Apart from AVG, disable all the others at startup; there is no need for all of that to run and use up memory.
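
Added example (not part of any post in this thread): a small Python parser for the O4 autostart lines of a HijackThis log, run over lines copied from the log posted above. The flag names and the two triage hints (target under a Temp directory, target given without a full path) are assumptions of this example, not HijackThis output; the "(no file)" / "(file missing)" markers are the ones HijackThis itself printed in that log.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [USDownloader] "C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Rar$EX00.140\USDownloader.exe"
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
"""

class Autostart(NamedTuple):
    location: str    # registry Run key or Startup folder, as printed by HijackThis
    name: str        # registry value name or shortcut name
    executable: str  # command with quotes and arguments stripped
    flags: tuple     # triage hints (names are this example's own)

# O4 lines come in two shapes: registry Run values and Startup-folder shortcuts.
RUN_RE = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
UNQUOTED_EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def executable_of(cmd):
    """Return the program path from a command string, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = UNQUOTED_EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd

def parse_autostarts(log_text):
    """Parse every O4 line and attach triage hints to it."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        flags = []
        if TEMP_DIR_RE.search(exe):
            flags.append("runs-from-temp")   # autostart out of a temp directory
        if "\\" not in exe:
            flags.append("no-full-path")     # resolved through the search path
        entries.append(Autostart(m.group("loc"), m.group("name"), exe, tuple(flags)))
    return entries

def missing_targets(log_text):
    """Lines of any section whose target file HijackThis could not find."""
    return [l.strip() for l in log_text.splitlines() if MISSING_RE.search(l)]

if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f"{e.location:15} {e.name:34} {','.join(e.flags) or '-':15} {e.executable}")
    for line in missing_targets(SAMPLE_LOG):
        print("missing target:", line)
```

A flag here only marks an entry for a closer look (who installed it, is it signed, what do multi-engine scanners say); it is not a verdict on the file.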
[ izida @ 27.10.2008. 16:48 ] @
I just can't manage to find those two paths, as if they don't exist on my machine?
[ magna86 @ 27.10.2008. 16:57 ] @
1. do this!
http://www.xtra.co.nz/help/0,,4155-1916458,00.html


press alt+ctrl+delete
under the Processes tab find GoogleUpdate.exe and click End Process
start/run, type regedit
HKCU refers to HKEY_CURRENT_USER.
then follow the instructions written by @kristi1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Quote:
on the right side there should be GoogleUpdate.exe; right-click it and choose Delete.
Then find the file C:\Documents and Settings\aleksandar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe and delete it (shift+del)
The file is hidden.

...................
yes... and you see.. this line caught my eye
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
it doesn't have to mean it is malicious, but why not check it...

Google says nothing concrete about this line...

find the following folder
c:\documents and settings\USERNAME\start menu\programs\startup\
and see whether you know what PowerInstall Softcam Updater is

if you don't know, delete it manually from there, along with the file C:\Program Files\FreePack\PSU\PSU.EXE

or maybe.. even better..

check for yourself whether it is malicious or not..

Upload the file for scanning:

*open the following sites:
http://virusscan.jotti.org/
http://www.virustotal.com/

upload the following file
Code:
C:\Program Files\FreePack\PSU\PSU.EXE


*report the results
[ izida @ 27.10.2008. 18:55 ] @
I found it and deleted it.
As for that program, it is used for automatically downloading keys for satellite television, so it is OK

Scan taken on 27 Oct 2008 18:52:57 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


I'll see how the computer behaves and report back if there are any changes
thanks