Windows doesn't recognize my user


  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Logfile of HijackThis v1.99.1
Scan saved at 4:18:45 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\TEMP\Desktop\Toma1\Tt2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {080F091E-1FD0-42AD-BEAC-CFFDD3F3EFA2} - C:\WINDOWS\system32\byXQIaYS.dll (file missing)
O2 - BHO: QXK Olive - {0BB40FCB-2340-4B4D-984D-C7A68DFD0244} - C:\WINDOWS\kgqfweltpen.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: (no name) - {9A0F9C67-DCC9-4E5F-AA21-65291D464474} - C:\WINDOWS\system32\ljJDsQJD.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\urqPhGxw.dll
O2 - BHO: (no name) - {C395209A-08E5-40CB-86DA-C5E92500E470} - C:\WINDOWS\system32\cbXQIBSJ.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: nqgpedlr - {D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7431cb23] rundll32.exe "C:\WINDOWS\system32\yqflguyl.dll",b
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\pc\LOCALS~1\Temp\atmadm2.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8C0B93A-3D80-4769-9F3C-500C45F48A1C}: NameServer = 194.106.162.10 194.106.162.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: urqPhGxw - C:\WINDOWS\SYSTEM32\urqPhGxw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • helen1, Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.


-----------------------------
Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

When I turn the computer on, I get a notification about >user environment<?? After that Windows starts with >Personalized settings> and loads the basic programs by itself. Right after W XP starts, it begins offering me the Windows Tour in the start menu. Otherwise it runs slowly, and when I tidy up the Start menu and save the changes, after shutting down it doesn't recognize those changes.???

  • helen1, Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Do what I said above.

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

ComboFix 08-07-05.1 - pc 2008-07-07 16:38:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.252 [GMT 2:00]
Running from: C:\Documents and Settings\TEMP\Desktop\Toma1\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCPrivacyCleaner
C:\WINDOWS\evdq.exe
C:\WINDOWS\system32\cbXQIBSJ.dll
C:\WINDOWS\system32\DJQsDJjl.ini
C:\WINDOWS\system32\DJQsDJjl.ini2
C:\WINDOWS\system32\egqcjqdc.ini
C:\WINDOWS\system32\JSBIQXbc.ini
C:\WINDOWS\system32\JSBIQXbc.ini2
C:\WINDOWS\system32\lyuglfqy.ini
C:\WINDOWS\system32\lyuglfqy.ini2
C:\WINDOWS\system32\lyuglfqy.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\oviavprg.ini
C:\WINDOWS\system32\qkhosipi.ini
C:\WINDOWS\system32\SYaIQXyb.ini
C:\WINDOWS\system32\SYaIQXyb.ini2
C:\WINDOWS\system32\urqPhGxw.dll
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\pc.VARGA
2008-07-06 23:57 . 2008-07-07 00:00 <DIR> d-------- C:\effbot.exe
2008-07-06 01:25 . 2008-07-06 01:25 244 --ah----- C:\sqmnoopt00.sqm
2008-07-06 01:25 . 2008-07-06 01:25 232 --ah----- C:\sqmdata00.sqm
2008-07-06 01:09 . 2008-07-06 01:09 88,576 --a------ C:\WINDOWS\system32\yqflguyl.dll
2008-07-06 00:43 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-07-06 00:28 . 2008-07-06 00:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-06 00:24 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-07-05 12:16 . 2008-07-05 12:16 318,720 --a------ C:\WINDOWS\system32\byXQIaYS.dll_old
2008-07-05 02:17 . 2008-07-05 02:20 193 --a------ C:\WINDOWS\wininit.ini
2008-07-05 00:03 . 2008-07-04 23:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-07-05 00:03 . 2008-07-05 00:03 2,537 --a------ C:\WINDOWS\unins000.dat
2008-07-04 23:53 . 2008-07-05 00:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-04 23:53 . 2008-07-05 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 23:17 . 2008-07-04 23:32 <DIR> d-------- C:\Program Files\Pawn 2
2008-07-04 20:42 . 2008-07-04 20:42 89,088 --a------ C:\WINDOWS\system32\cdqjcqge.dll
2008-07-04 17:53 . 2008-07-04 12:19 303,104 --a------ C:\WINDOWS\kgqfweltpen.dll
2008-07-04 17:53 . 2008-07-04 12:19 200,704 --------- C:\WINDOWS\axrfgvek.dll
2008-07-04 17:53 . 2008-07-04 12:19 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-04 15:25 . 2008-07-04 15:26 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-29 12:58 . 2004-08-04 03:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-29 01:26 . 2008-06-29 01:26 <DIR> d-------- C:\Program Files\SanDisk
2008-06-28 15:11 . 2008-06-28 15:11 <DIR> d-------- C:\Program Files\Robster Productions
2008-06-26 19:43 . 2008-06-26 19:43 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-26 19:31 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-06-26 19:31 . 2004-08-03 22:39 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-06-26 19:31 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-26 19:31 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-26 19:31 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-26 19:31 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-06-26 19:31 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-26 19:31 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-26 19:31 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-26 19:31 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-26 19:29 . 2001-09-19 14:47 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-06-26 19:29 . 2001-09-19 14:32 720,896 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2008-06-26 19:29 . 2001-09-19 14:47 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2008-06-26 19:29 . 2001-09-19 14:32 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2008-06-26 19:21 . 2008-06-26 19:21 <DIR> d-------- C:\Program Files\VIA
2008-06-26 19:21 . 2003-10-31 05:22 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2008-06-26 19:19 . 2003-04-15 10:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-26 19:19 . 2008-06-26 19:38 2,881 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-26 18:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-26 18:06 . 2008-06-26 18:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 17:44 . 2008-06-26 17:44 <DIR> d--hs---- C:\found.000
2008-06-26 15:12 . 2008-06-26 15:12 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-26 15:12 . 2008-06-26 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-06-26 12:11 . 2008-06-26 12:12 <DIR> d-------- C:\Program Files\ScriptCryptor
2008-06-26 00:26 . 2008-07-04 18:21 <DIR> d-------- C:\Program Files\Quick Batch File Compiler
2008-06-26 00:19 . 2008-06-26 00:19 <DIR> d-------- C:\Program Files\SAGEM
2008-06-25 23:46 . 2008-06-25 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-06-25 23:45 . 2008-06-24 20:18 211 --a------ C:\boot.ini.comodofirewall
2008-06-25 23:44 . 2008-06-25 23:44 <DIR> d-------- C:\Program Files\Comodo
2008-06-25 21:31 . 2008-07-07 16:02 53 --a------ C:\biosinfo
2008-06-25 21:29 . 2006-02-15 19:15 176,128 --a------ C:\WINDOWS\autoclk.exe
2008-06-25 21:29 . 2008-06-26 00:19 990 --a------ C:\WINDOWS\adiras.ini
2008-06-25 21:22 . 2008-06-26 15:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 21:20 . 2008-06-25 21:20 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-25 21:20 . 2003-09-20 00:45 21,248 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-06-25 21:19 . 2008-06-25 21:19 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-25 21:19 . 1995-08-01 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\WINDOWS\PixArt
2008-06-25 21:18 . 2008-07-02 15:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\Program Files\Trust
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-06-25 21:18 . 2008-06-26 15:09 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-25 21:16 . 2008-06-25 21:16 0 --a------ C:\WINDOWS\msicpl.ini
2008-06-25 21:07 . 2004-08-04 09:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-25 21:07 . 2004-08-04 09:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-25 21:07 . 2004-08-04 07:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-25 21:07 . 2004-08-04 07:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-25 21:07 . 2001-08-17 22:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-25 21:07 . 2001-08-17 22:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-25 21:05 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-25 21:05 . 2004-08-04 08:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-25 21:05 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-25 21:05 . 2001-08-17 23:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-25 19:17 . 2008-06-25 19:30 <DIR> d-------- C:\WINDOWS\vf_hip
2008-06-25 19:17 . 2008-06-25 19:17 32 --a------ C:\WINDOWS\go
2008-06-25 19:13 . 2008-06-25 19:30 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-06-25 18:39 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 18:39 . 2008-07-07 00:02 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-25 18:36 . 2008-06-25 18:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-25 18:35 . 2008-06-25 18:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 18:29 . 2008-07-06 20:44 <DIR> d-------- C:\Program Files\Windows Live
2008-06-25 18:29 . 2008-06-25 18:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-25 18:28 . 2008-06-25 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-25 18:26 . 2008-06-25 18:26 229,376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll
2008-06-25 18:18 . 2008-06-25 18:31 <DIR> d-------- C:\Documents and Settings\pc\Contacts
2008-06-25 18:18 . 2006-09-25 01:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-25 18:18 . 2007-09-05 02:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-25 18:18 . 2007-09-21 10:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-25 18:18 . 2007-10-04 01:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-25 18:17 . 2008-06-25 18:17 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-25 18:17 . 2007-09-29 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-25 18:17 . 2007-07-25 23:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-25 18:17 . 2007-09-29 02:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-06-25 18:17 . 2007-03-10 21:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-25 18:17 . 2004-01-26 02:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-25 18:17 . 2007-09-29 02:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-06-25 18:17 . 2007-07-30 01:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-25 18:17 . 2007-07-11 02:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-25 18:16 . 2008-06-25 18:16 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 18:15 . 2008-06-25 18:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-25 18:15 . 2008-06-25 18:15 <DIR> d-------- C:\Program Files\Ahead
2008-06-25 18:15 . 2001-07-06 23:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-25 18:15 . 2001-07-06 21:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-25 18:15 . 2001-07-07 03:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-25 18:15 . 2001-07-09 20:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-25 18:15 . 2004-03-04 06:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-25 18:15 . 2000-06-26 20:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-25 18:15 . 2001-06-26 17:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-25 18:15 . 2004-03-04 06:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-25 18:14 . 2008-07-04 22:09 <DIR> d-------- C:\Program Files\The KMPlayer
2008-06-25 18:13 . 2008-06-29 01:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 18:13 . 2008-06-25 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-25 18:13 . 2008-06-25 18:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-25 18:12 . 2008-06-25 18:13 <DIR> d-------- C:\Program Files\CyberLink
2008-06-25 18:12 . 2008-06-25 18:11 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-25 18:12 . 2008-06-25 18:11 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-25 18:10 . 2008-07-05 16:47 <DIR> d-------- C:\Program Files\Eset
2008-06-25 18:10 . 2008-06-25 18:10 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 00:14 90,112 ----a-w C:\WINDOWS\DUMP30c4.tmp
2008-06-25 22:19 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-06-24 18:26 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB40FCB-2340-4B4D-984D-C7A68DFD0244}]
2008-07-04 12:19 303104 --a------ C:\WINDOWS\kgqfweltpen.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
2008-06-25 18:26 229376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:10 949376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 03:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 04:37 69632]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-06-26 12:41 1115728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 16:51 7569408]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 16:51 86016]
"7431cb23"="C:\WINDOWS\system32\yqflguyl.dll" [2008-07-06 01:09 88576]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 21:06 62760]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-17 04:20 91432]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 07:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-26 00:19:28 1205840]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-06-26 19:21:54 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 20:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 18:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-13 21:08 1271032 E:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 E:\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-25 16:10 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-16 16:51 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 09:12]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 22:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 22:47]

.
- - - - ORPHANS REMOVED - - - -

BHO-{080F091E-1FD0-42AD-BEAC-CFFDD3F3EFA2} - C:\WINDOWS\system32\byXQIaYS.dll
BHO-{9A0F9C67-DCC9-4E5F-AA21-65291D464474} - C:\WINDOWS\system32\ljJDsQJD.dll
Toolbar-{D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\WINDOWS\nqgpedlr.dll
HKLM-Run-DelayLoad - C:\DOCUME~1\pc\LOCALS~1\Temp\atmadm2.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-07 17:12:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\yqflguyl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-07 17:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 15:16:53

Pre-Run: 15,204,429,824 bytes free
Post-Run: 15,144,570,880 bytes free

263 --- E O F --- 2008-06-26 13:49:45

There, that's it. Anyway, Combo restarted my PC and the behaviour is the same...

Update: 07 Jul 2008 17:35

Doctor, help, the kids will kill me, I've f...ed up their PC for the third time...

Update: 07 Jul 2008 17:49

Doc, should I wait some more, or can I go down to the corner shop for a cold one, eh?

  • helen1, Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Go have a beer, since I also have to go to the shop to get something to eat. We'll talk during the evening.....

Update: 07 Jul 2008 19:28

Disable the antivirus again, as I told you a moment ago, and do the following:

Open Notepad and copy the following text:

File::
C:\WINDOWS\kgqfweltpen.dll
C:\WINDOWS\system32\RichVideoCodec.dll
C:\WINDOWS\system32\yqflguyl.dll
C:\WINDOWS\system32\byXQIaYS.dll_old
C:\WINDOWS\system32\cdqjcqge.dll
C:\WINDOWS\kgqfweltpen.dll
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB40FCB-2340-4B4D-984D-C7A68DFD0244}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7431cb23"=-



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that gets produced at the end of the cleaning/scan.
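Added example (the editor's, not code from this thread, from HijackThis or from ComboFix): a short Python script that applies the triage cues used in this thread to HijackThis O2/O3/O4/O20 lines and drafts the File:: and Registry:: sections of a CFScript in the same form as the one posted above. The sample lines are copied from the HijackThis log at the top of the thread; the cue weights, the 20% vowel-ratio cut-off for "random-looking" names and the threshold of two cues per entry are the editor's assumptions, and the output is a list of candidates for a person to review, not a delete list.

```python
"""Triage HijackThis O2/O3/O4/O20 lines and draft the matching CFScript sections.

Added example by the editor, not code from this thread, HijackThis or ComboFix.
The cues are the ones the thread relies on; the weights, the vowel-ratio cut-off
and the two-cue threshold are assumptions.
"""
import re

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {080F091E-1FD0-42AD-BEAC-CFFDD3F3EFA2} - C:\WINDOWS\system32\byXQIaYS.dll (file missing)
O2 - BHO: QXK Olive - {0BB40FCB-2340-4B4D-984D-C7A68DFD0244} - C:\WINDOWS\kgqfweltpen.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\urqPhGxw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: nqgpedlr - {D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7431cb23] rundll32.exe "C:\WINDOWS\system32\yqflguyl.dll",b
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\pc\LOCALS~1\Temp\atmadm2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O20 - Winlogon Notify: urqPhGxw - C:\WINDOWS\SYSTEM32\urqPhGxw.dll
"""

PATH_RE = re.compile(r'([A-Za-z]:\\.+?\.(?:dll|exe|sys|ocx|cpl))(?![A-Za-z0-9])', re.I)
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
FLAG_THRESHOLD = 2   # assumption: two independent cues before an entry is proposed for removal


def looks_random(stem):
    """Letters-only names of 8+ chars with under 20% vowels (y counts as a consonant)."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in 'aeiou' for c in stem.lower()) / len(stem) < 0.2


def score_entry(line):
    """Score one O2/O3/O4/O20 line; returns (score, reasons, parsed fields)."""
    kind = line.split(' ', 1)[0]
    name_m = re.search(r'\[([^\]]+)\]', line) if kind == 'O4' else re.search(r': (.*?) - ', line)
    name = name_m.group(1) if name_m else ''
    path_m = PATH_RE.search(line)
    path = path_m.group(1) if path_m else ''
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    missing = '(file missing)' in line or '(no file)' in line
    reasons = []
    if missing:
        reasons += ['orphaned entry'] * 2            # weight 2: the loading point outlived its file
    if re.search(r'\\Temp\\', path, re.I):
        reasons += ['runs from a Temp folder'] * 2   # weight 2: nothing legitimate autostarts from Temp
    if name == '(no name)':
        reasons.append('no name')
    if re.fullmatch(r'[0-9a-f]{6,}', name) and any(c.isdigit() for c in name):
        reasons.append('hex-looking Run value name')
    if re.search(r'\.dll"?,([A-Za-z])(?![A-Za-z0-9_])', line):
        reasons.append('rundll32 with a one-letter export')
    if looks_random(stem):
        reasons.append('random-looking file name')
    if kind == 'O20':
        reasons.append('Winlogon Notify package')
    if re.fullmatch(r'c:\\windows\\[^\\]+', path, re.I):
        reasons.append('file dropped directly in C:\\WINDOWS')
    fields = {'kind': kind, 'name': name, 'path': path, 'missing': missing, 'line': line}
    return len(reasons), reasons, fields


def triage(log_text):
    """Return (flagged entries, draft CFScript text) for a HijackThis log."""
    flagged = []
    for line in log_text.strip().splitlines():
        if not re.match(r'O(?:2|3|4|20) - ', line):
            continue
        score, reasons, fields = score_entry(line)
        if score >= FLAG_THRESHOLD:
            fields['reasons'] = reasons
            flagged.append(fields)
    # File:: lists only files still on disk; ComboFix removes orphaned loading points itself.
    files = {}
    for f in flagged:
        if f['path'] and not f['missing']:
            files.setdefault(f['path'].lower(), f['path'])
    reg = []
    for f in flagged:
        clsid = CLSID_RE.search(f['line'])
        if f['kind'] == 'O2' and clsid:   # BHO key, written the way the script in the thread does
            reg.append(r'[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]' % clsid.group(0))
    run_values = [f['name'] for f in flagged if f['kind'] == 'O4']
    if run_values:
        reg.append(r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]')
        reg.extend('"%s"=-' % n for n in run_values)
    script = 'File::\n%s\n\nRegistry::\n%s\n' % ('\n'.join(files.values()), '\n'.join(reg))
    return flagged, script


if __name__ == '__main__':
    hits, cfscript = triage(SAMPLE_LOG)
    for h in hits:
        print('%-4s %-12s %-45s <- %s' % (h['kind'], h['name'], h['path'] or '(no path)', ', '.join(h['reasons'])))
    print(cfscript)
```

On the sample it flags the two "(no name)" BHOs, QXK Olive, the nqgpedlr toolbar, the 7431cb23 and DelayLoad Run values and the urqPhGxw Winlogon Notify entry, and leaves AcroIEHelper, SDHelper, the Google toolbar, NvCpl and Winamp alone. The File:: section it drafts contains kgqfweltpen.dll, urqPhGxw.dll, yqflguyl.dll and the Temp-folder atmadm2.exe, with the same BHO and Run-value deletions as the script posted above; RichVideoCodec.dll, which the helper also listed, matches none of these cues. Entries whose file is already missing get no File:: line because ComboFix lists and removes such orphans on its own, as the log above shows, and no registry line is generated for O3 or O20 hits, so those stay a manual step.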

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Doc, I've done everything up to the CFScript on the Desktop. However, I can't find ComboFix, it simply isn't on the computer. What should I do?

Update: 07 Jul 2008 22:15

Should I download ComboFix again?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

ComboFix is on your Desktop, in the Toma1 folder.
You were told above to download it to the desktop, not into a separate folder. There would have been no confusion if you had followed our instructions literally.

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Yes, but that folder isn't there anymore, and I didn't delete it?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Then download it again. Maybe someone else who also uses that computer deleted it.
