The computer restarts by itself


  • Joined: 17 Jun 2008
  • Posts: 11

My computer restarts by itself when I'm on the internet, without any visible reason. :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:41, on 16.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\bosko\Desktop\Nova fascikla\TR3.exe.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pomagalo za veze za Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - cdn.scan.onecare.live.com/resource/download.....cctrl2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/ji.....586-jc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9F5F5F-6B83-485F-B823-C8415F8338CF}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c95e4056d7d8d0) (gupdate1c95e4056d7d8d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdgmr.exe

--
End of file - 7251 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleaning is finished.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 17 Jun 2008
  • Posts: 11

ComboFix 09-01-16.02 - bosko 2009-01-16 22:44:58.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1033.18.1022.488 [GMT 1:00]
Running from: c:\users\bosko\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
C:\resycled
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 22:07 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-05 00:10 . 2009-01-05 00:10 <DIR> d-------- c:\program files\RegCure
2009-01-05 00:10 . 2009-01-05 00:13 <DIR> d-------- c:\program files\Disk Cleaner
2008-12-27 23:52 . 2007-04-09 13:23 28,040 --a------ c:\windows\System32\mdimon.dll
2008-12-27 23:52 . 2008-12-27 23:52 376 --a------ c:\windows\ODBC.INI
2008-12-27 23:50 . 2008-12-27 23:50 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-27 23:49 . 2008-12-27 23:49 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-27 23:48 . 2008-12-27 23:48 <DIR> d-------- C:\Stationery
2008-12-27 23:48 . 2008-12-27 23:48 <DIR> d-------- C:\MEDIA
2008-12-27 23:48 . 2008-12-27 23:49 <DIR> d-------- C:\CLIPART
2008-12-27 23:47 . 2008-12-27 23:50 <DIR> d-------- C:\Templates
2008-12-27 23:47 . 2009-01-14 22:40 <DIR> d-------- C:\OFFICE11
2008-12-25 22:35 . 2008-12-25 23:24 <DIR> d-------- c:\program files\Quark
2008-12-25 22:28 . 2008-12-25 22:29 <DIR> d-------- c:\users\All Users\Quark
2008-12-25 22:28 . 2008-12-25 22:29 <DIR> d-------- c:\programdata\Quark
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-12-18 00:08 . 2008-12-18 00:40 <DIR> d-------- c:\program files\Restorer2000 Pro
2008-12-17 23:36 . 2008-12-17 23:39 <DIR> d-------- c:\users\bosko\AppData\Roaming\Cimaware
2008-12-17 23:34 . 2008-12-17 23:34 <DIR> d-------- c:\program files\Cimaware
2008-12-17 23:22 . 2008-12-18 18:34 <DIR> d-------- c:\program files\AWR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 21:03 --------- d-----w c:\users\bosko\AppData\Roaming\Skype
2009-01-15 22:31 --------- d-----w c:\programdata\Google Updater
2009-01-14 21:41 --------- d-----w c:\program files\Windows Mail
2009-01-14 21:39 --------- d-----w c:\programdata\Microsoft Help
2008-12-29 16:43 --------- d-----w c:\program files\Microsoft Works
2008-12-25 22:08 --------- d-----w c:\users\bosko\AppData\Roaming\uTorrent
2008-12-25 21:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 14:16 --------- d-----w c:\program files\Opera
2008-12-19 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 23:05 --------- d-----w c:\program files\Google
2008-12-12 20:55 --------- d-----w c:\programdata\Skype
2008-12-12 20:55 --------- d-----w c:\program files\Skype
2008-12-12 20:55 --------- d-----w c:\program files\Common Files\Skype
2008-12-11 14:01 --------- d-----w c:\users\bosko\AppData\Roaming\Xilisoft Corporation
2008-12-11 14:01 --------- d-----w c:\program files\Xilisoft
2008-12-03 21:22 --------- d-----w c:\program files\Wireless WEP Key Password Spy
2008-12-03 21:14 --------- d-----w c:\program files\WMR11
2008-12-03 21:13 --------- d-----w c:\program files\Replay Media Catcher
2008-12-01 20:15 --------- d-----w c:\program files\MSXML 4.0
2008-11-27 13:39 --------- d-----w c:\program files\ABBYY FineReader 9.0
2008-11-27 13:35 --------- d-----w c:\program files\Common Files\ABBYY
2008-11-27 12:51 --------- d-----w c:\program files\HP
2008-11-27 02:04 --------- d-----w c:\program files\ICQ
2008-11-27 01:22 --------- d-----w c:\program files\Hewlett-Packard
2008-11-24 17:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-24 17:15 --------- d-----w c:\program files\Adobe Media Player
2008-11-21 22:07 --------- d-----w c:\program files\Odigo
2008-11-21 15:55 --------- d-----w c:\users\bosko\AppData\Roaming\DMCache
2008-11-17 16:32 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-16 20:42 --------- d-----w c:\users\bosko\AppData\Roaming\Moyea
2008-11-16 20:23 --------- d-----w c:\users\bosko\AppData\Roaming\vlc
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-01 21:04 174 --sha-w c:\program files\desktop.ini
2006-11-01 23:30 87,552 ----a-w c:\users\bosko\BootSect.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-18 227840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 13:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 17:36 38984 c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 09:27 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-18 22:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2007-04-13 12:52 307200 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-03-29 11:29 3276800 c:\program files\Analog Devices\SoundMAX\SoundMAX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-04-02 23:32 1261568 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-23 23:01 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-23 22:38 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 22:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-18 22:36 2153472 c:\windows\System32\oobefldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67B60EAD-3C77-49AC-90F8-9288200869D1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5A7EE9E4-6788-4535-AC41-76500635EA39}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA2F8F5B-ED90-4ADE-9C88-CDEF7FEEA73D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5E991B1D-B1FA-40F7-B13E-4A7E9916DD41}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D14867AD-22F7-4750-ABF2-D0A685B66C69}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B5109571-B5B3-456A-B589-3DDD29B10494}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CE2178AB-774D-4D48-A37A-C1FE0F7A3A3E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EFE1FA44-6686-4E23-B969-0F0C30CCB140}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{26BA0090-0487-4DAB-BD06-213A5E5D1DA6}c:\\users\\bosko\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\bosko\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{CEA48B16-DFD1-4FAA-AD15-97DCD03C428D}c:\\users\\bosko\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\bosko\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{43CB0764-00DD-412B-9F85-6BFBCEDC46CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62614483-3CC9-468D-98F7-D951B75BEEA0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5226F6FB-9A3D-491C-8E66-500D4A7EB2EE}c:\\program files\\icq\\icq.exe"= UDP:c:\program files\icq\icq.exe:ICQ
"UDP Query User{AC6E884A-8372-46E9-9869-18A80E2EAC16}c:\\program files\\icq\\icq.exe"= TCP:c:\program files\icq\icq.exe:ICQ
"TCP Query User{7E8A6F46-D485-404D-86F0-43ECEBC71C9E}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{C49491B4-1CDD-4152-9F9D-13F57D0961D7}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"TCP Query User{ACED7AD6-DCAF-49F4-AFF2-BCE31D061E9B}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5CC8D909-E25D-4D62-A9AA-9A914511D029}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{46C1624D-DEC6-45BA-8C6D-F74E4B3CFC08}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{216DA21D-E274-4F46-A0F0-35377379AC80}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A81602BD-5283-4337-ABCD-DC87055B218A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{3A951DDA-27EF-44BA-AB10-BB4FDF408DFC}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{98DCE7C0-D1F9-4D4E-AE25-ABAFC19D9A3B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{738405EB-A673-401B-948B-2567FA87F1E5}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype

R4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\System32\drivers\ndisprot.sys [2008-11-14 29192]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 gupdate1c95e4056d7d8d0;Google Update Service (gupdate1c95e4056d7d8d0);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 119280]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 00:04]

2009-01-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2009-01-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{84B48C1F-F902-4578-81EB-EFCD09CA99E9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\office11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-16 22:53:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1829870228-2469409553-779331432-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d3,27,c3,a7,a7,60,b9,10,17,1d,4d,2f,e5,7b,01,6c,e6,58,89,51,fe,
e3,7f,8b,2a,fc,7d,7f,a3,5d,0c,ee,d4,c5,dd,c2,8c,7f,9c,ad,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1829870228-2469409553-779331432-1000_Classes\CLSID\{fc939414-aa92-4118-afd8-d2fae174aa82}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000145
"Therad"=dword:0000001e
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-01-16 22:57:09 - machine was rebooted [bosko]
ComboFix-quarantined-files.txt 2009-01-16 21:57:05

Pre-Run: 50,352,201,728 bytes free
Post-Run: 49,854,730,240 bytes free

216 --- E O F --- 2009-01-14 21:41:14

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\windows\inf\ndisprot.inf
C:\windows\system32\drivers\ndisprot.sys

Driver::
Ndisprot

FileLook::
c:\users\bosko\BootSect.exe
c:\windows\system32\msconfig.exe


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 17 Jun 2008
  • Posts: 11

ComboFix 09-01-16.02 - bosko 2009-01-16 23:43:10.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1033.18.1022.561 [GMT 1:00]
Running from: c:\users\bosko\Desktop\ComboFix.exe
Command switches used :: c:\users\bosko\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\inf\ndisprot.inf
c:\windows\system32\drivers\ndisprot.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\inf\ndisprot.inf
c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 22:07 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-05 00:10 . 2009-01-05 00:10 <DIR> d-------- c:\program files\RegCure
2009-01-05 00:10 . 2009-01-05 00:13 <DIR> d-------- c:\program files\Disk Cleaner
2008-12-27 23:52 . 2007-04-09 13:23 28,040 --a------ c:\windows\System32\mdimon.dll
2008-12-27 23:52 . 2008-12-27 23:52 376 --a------ c:\windows\ODBC.INI
2008-12-27 23:50 . 2008-12-27 23:50 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-27 23:49 . 2008-12-27 23:49 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-27 23:48 . 2008-12-27 23:48 <DIR> d-------- C:\Stationery
2008-12-27 23:48 . 2008-12-27 23:48 <DIR> d-------- C:\MEDIA
2008-12-27 23:48 . 2008-12-27 23:49 <DIR> d-------- C:\CLIPART
2008-12-27 23:47 . 2008-12-27 23:50 <DIR> d-------- C:\Templates
2008-12-27 23:47 . 2009-01-14 22:40 <DIR> d-------- C:\OFFICE11
2008-12-25 22:35 . 2008-12-25 23:24 <DIR> d-------- c:\program files\Quark
2008-12-25 22:28 . 2008-12-25 22:29 <DIR> d-------- c:\users\All Users\Quark
2008-12-25 22:28 . 2008-12-25 22:29 <DIR> d-------- c:\programdata\Quark
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2008-12-19 20:59 . 2008-12-19 20:59 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-12-18 00:08 . 2008-12-18 00:40 <DIR> d-------- c:\program files\Restorer2000 Pro
2008-12-17 23:36 . 2008-12-17 23:39 <DIR> d-------- c:\users\bosko\AppData\Roaming\Cimaware
2008-12-17 23:34 . 2008-12-17 23:34 <DIR> d-------- c:\program files\Cimaware
2008-12-17 23:22 . 2008-12-18 18:34 <DIR> d-------- c:\program files\AWR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 21:03 --------- d-----w c:\users\bosko\AppData\Roaming\Skype
2009-01-15 22:31 --------- d-----w c:\programdata\Google Updater
2009-01-14 21:41 --------- d-----w c:\program files\Windows Mail
2009-01-14 21:39 --------- d-----w c:\programdata\Microsoft Help
2008-12-29 16:43 --------- d-----w c:\program files\Microsoft Works
2008-12-25 22:08 --------- d-----w c:\users\bosko\AppData\Roaming\uTorrent
2008-12-25 21:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 14:16 --------- d-----w c:\program files\Opera
2008-12-19 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 23:05 --------- d-----w c:\program files\Google
2008-12-12 20:55 --------- d-----w c:\programdata\Skype
2008-12-12 20:55 --------- d-----w c:\program files\Skype
2008-12-12 20:55 --------- d-----w c:\program files\Common Files\Skype
2008-12-11 14:01 --------- d-----w c:\users\bosko\AppData\Roaming\Xilisoft Corporation
2008-12-11 14:01 --------- d-----w c:\program files\Xilisoft
2008-12-03 21:22 --------- d-----w c:\program files\Wireless WEP Key Password Spy
2008-12-03 21:14 --------- d-----w c:\program files\WMR11
2008-12-03 21:13 --------- d-----w c:\program files\Replay Media Catcher
2008-12-01 20:15 --------- d-----w c:\program files\MSXML 4.0
2008-11-27 13:39 --------- d-----w c:\program files\ABBYY FineReader 9.0
2008-11-27 13:35 --------- d-----w c:\program files\Common Files\ABBYY
2008-11-27 12:51 --------- d-----w c:\program files\HP
2008-11-27 02:04 --------- d-----w c:\program files\ICQ
2008-11-27 01:22 --------- d-----w c:\program files\Hewlett-Packard
2008-11-24 17:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-24 17:15 --------- d-----w c:\program files\Adobe Media Player
2008-11-21 22:07 --------- d-----w c:\program files\Odigo
2008-11-21 15:55 --------- d-----w c:\users\bosko\AppData\Roaming\DMCache
2008-11-17 16:32 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-16 20:42 --------- d-----w c:\users\bosko\AppData\Roaming\Moyea
2008-11-16 20:23 --------- d-----w c:\users\bosko\AppData\Roaming\vlc
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-01 21:04 174 --sha-w c:\program files\desktop.ini
2006-11-01 23:30 87,552 ----a-w c:\users\bosko\BootSect.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\users\bosko\BootSect.exe ----
Company: Microsoft Corporation
File Description: Boot Sector Manipulation Tool
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: MicrosoftR WindowsR Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: bootsect.exe
MD5: e1921dea226b244f83ac5f59681d48a2


---- c:\windows\system32\msconfig.exe ----
Company: Microsoft Corporation
File Description: System Configuration Utility
File Version: 6.0.6001.18000 (longhorn_rtm.080118-1840)
Product Name: MicrosoftR WindowsR Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: msconfig.EXE
MD5: 7629e9bb2ff06eaca62580a2c1d4fe6a


((((((((((((((((((((((((((((( snapshot@2009-01-16_22.55.58.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 21:53:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 22:47:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 22:47:22 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-16 21:53:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 22:47:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 22:47:22 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-16 21:44:41 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-16 21:59:04 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-16 21:44:41 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-16 21:59:04 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-16 21:41:38 4,790 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1829870228-2469409553-779331432-1000_UserData.bin
+ 2009-01-16 21:55:24 5,036 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1829870228-2469409553-779331432-1000_UserData.bin
- 2009-01-16 21:41:38 54,174 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-16 21:55:24 54,174 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-18 227840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 13:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 17:36 38984 c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 09:27 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-18 22:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
--a------ 2007-04-13 12:52 307200 c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-03-29 11:29 3276800 c:\program files\Analog Devices\SoundMAX\SoundMAX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-04-02 23:32 1261568 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-23 23:01 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-23 22:38 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 22:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-18 22:36 2153472 c:\windows\System32\oobefldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67B60EAD-3C77-49AC-90F8-9288200869D1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5A7EE9E4-6788-4535-AC41-76500635EA39}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA2F8F5B-ED90-4ADE-9C88-CDEF7FEEA73D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5E991B1D-B1FA-40F7-B13E-4A7E9916DD41}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D14867AD-22F7-4750-ABF2-D0A685B66C69}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B5109571-B5B3-456A-B589-3DDD29B10494}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CE2178AB-774D-4D48-A37A-C1FE0F7A3A3E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EFE1FA44-6686-4E23-B969-0F0C30CCB140}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{26BA0090-0487-4DAB-BD06-213A5E5D1DA6}c:\\users\\bosko\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\bosko\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{CEA48B16-DFD1-4FAA-AD15-97DCD03C428D}c:\\users\\bosko\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\bosko\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{43CB0764-00DD-412B-9F85-6BFBCEDC46CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62614483-3CC9-468D-98F7-D951B75BEEA0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5226F6FB-9A3D-491C-8E66-500D4A7EB2EE}c:\\program files\\icq\\icq.exe"= UDP:c:\program files\icq\icq.exe:ICQ
"UDP Query User{AC6E884A-8372-46E9-9869-18A80E2EAC16}c:\\program files\\icq\\icq.exe"= TCP:c:\program files\icq\icq.exe:ICQ
"TCP Query User{7E8A6F46-D485-404D-86F0-43ECEBC71C9E}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{C49491B4-1CDD-4152-9F9D-13F57D0961D7}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"TCP Query User{ACED7AD6-DCAF-49F4-AFF2-BCE31D061E9B}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5CC8D909-E25D-4D62-A9AA-9A914511D029}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{46C1624D-DEC6-45BA-8C6D-F74E4B3CFC08}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{216DA21D-E274-4F46-A0F0-35377379AC80}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A81602BD-5283-4337-ABCD-DC87055B218A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{3A951DDA-27EF-44BA-AB10-BB4FDF408DFC}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{98DCE7C0-D1F9-4D4E-AE25-ABAFC19D9A3B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{738405EB-A673-401B-948B-2567FA87F1E5}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype

R4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 gupdate1c95e4056d7d8d0;Google Update Service (gupdate1c95e4056d7d8d0);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 119280]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 00:04]

2009-01-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2009-01-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{84B48C1F-F902-4578-81EB-EFCD09CA99E9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\office11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-16 23:47:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1829870228-2469409553-779331432-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d3,27,c3,a7,a7,60,b9,10,17,1d,4d,2f,e5,7b,01,6c,e6,58,89,51,fe,
e3,7f,8b,2a,fc,7d,7f,a3,5d,0c,ee,d4,c5,dd,c2,8c,7f,9c,ad,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1829870228-2469409553-779331432-1000_Classes\CLSID\{fc939414-aa92-4118-afd8-d2fae174aa82}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000145
"Therad"=dword:0000001e
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-16 23:50:40 - machine was rebooted [bosko]
ComboFix-quarantined-files.txt 2009-01-16 22:50:37
ComboFix2.txt 2009-01-16 21:57:10

Pre-Run: 49.790.996.480 bytes free
Post-Run: 49,738,473,472 bytes free

252 --- E O F --- 2009-01-14 21:41:14

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean. What is the situation now?

offline
  • Joined: 17 Jun 2008
  • Posts: 11

it works now... hopefully it will be fine... :) thank you very much

Addendum: 17 Jan 2009 16:30

same thing again....
Event Viewer shows
Aplikacija koja je prouzrokovala grešku iexplore.exe, verzija 7.0.6001.18000, vremenska oznaka 0x47918f11, modul koji je prouzrokovao grešku comctl32.dll, verzija 6.10.6001.18000, vremenska oznaka 0x4791a752, kôd izuzetka 0xc0000409, pomak greške 0x00017b62, ID procesa 0xa04, vreme početka aplikacije 0x01c978b2844e58ba.

Addendum: 17 Jan 2009 16:32

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I don't understand what is "the same".

What does IE crashing have to do with your computer restarting earlier?

offline
  • Joined: 17 Jun 2008
  • Posts: 11

it's restarting again "on its own schedule"...
I thought it was IE's fault... :(

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post a fresh ComboFix logfile.
