XP doesn't work like it used to


  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

-XP doesn't work like it used to- My internet speed is 1024/128..... here is my log file too. Thanks in advance!!!!

Logfile of HijackThis v1.99.1
Scan saved at 7:04:04, on 17.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Prle\Desktop\hidjac this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = download6.msi.com.tw/files/downloads/dvr_exe/Realtek_AC97_MB.zip
R3 - URLSearchHook: dloader Toolbar - {d4e072dd-f9ed-48a9-bfeb-281ff450d298} - C:\Program Files\dloader\tbdloa.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: dloader Toolbar - {d4e072dd-f9ed-48a9-bfeb-281ff450d298} - C:\Program Files\dloader\tbdloa.dll
O3 - Toolbar: dloader Toolbar - {d4e072dd-f9ed-48a9-bfeb-281ff450d298} - C:\Program Files\dloader\tbdloa.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Send me the file: C:\Program Files\dloader\tbdloa.dll

via the following link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

ComboFix 08-01-17.5 - Prle 2008-01-17 11:08:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.605 [GMT 1:00]
Running from: C:\Documents and Settings\Prle\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 11:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 10:09 . 2008-01-17 10:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-17 10:09 . 2008-01-17 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-17 03:29 . 2008-01-17 03:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-17 03:13 . 2008-01-17 05:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-17 02:46 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-17 02:45 . 2008-01-17 02:48 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-01-17 00:41 . 2008-01-17 01:27 <DIR> d-------- C:\Program Files\totalcmd
2008-01-17 00:15 . 2008-01-17 00:15 125 --a------ C:\ioSpecial.ini
2008-01-16 22:56 . 2008-01-16 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-01-16 21:55 . 2008-01-16 21:56 <DIR> d-------- C:\Program Files\Mystery Solitaire - Secret Island
2008-01-16 21:52 . 2008-01-16 21:53 <DIR> d-------- C:\Program Files\Hidden Expedition - Everest
2008-01-15 19:28 . 2008-01-15 19:28 <DIR> d-------- C:\Program Files\MSECache
2008-01-15 19:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-15 19:21 . 2008-01-15 19:21 <DIR> d-------- C:\Program Files\MSBuild
2008-01-15 19:21 . 2008-01-15 19:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-15 19:20 . 2008-01-15 19:20 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 19:17 . 2008-01-15 19:17 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-15 19:16 . 2008-01-15 19:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-15 19:15 . 2008-01-15 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 19:14 . 2008-01-15 19:14 <DIR> dr-h----- C:\MSOCache
2008-01-15 18:30 . 2008-01-15 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-15 18:28 . 2008-01-15 18:28 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-15 12:18 . 2008-01-17 10:59 6,656 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-15 08:54 . 2003-12-02 00:12 7,168 --a------ C:\WINDOWS\system\vdremote.dll
2008-01-15 08:54 . 2003-12-02 00:11 5,120 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2008-01-15 03:52 . 2008-01-15 03:52 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-15 03:50 . 2001-07-05 17:19 164 -r------- C:\WINDOWS\avrack.ini
2008-01-15 03:49 . 2008-01-15 03:50 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-15 03:06 . 2008-01-15 03:06 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-15 03:06 . 2008-01-17 10:41 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\MegauploadToolbar
2008-01-15 02:50 . 2008-01-15 02:50 <DIR> d-------- C:\Program Files\SigmaTel
2008-01-14 23:03 . 2008-01-14 23:03 <DIR> d-------- C:\Program Files\Pizza Chef
2008-01-14 21:55 . 2008-01-14 21:55 <DIR> d-------- C:\Program Files\Chocolatier 2 - Secret Ingredients
2008-01-14 20:29 . 2008-01-14 20:29 <DIR> d-------- C:\Program Files\Hot Dish
2008-01-14 20:29 . 2008-01-14 20:29 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\Valusoft
2008-01-14 20:29 . 2008-01-14 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-01-14 20:23 . 2008-01-14 20:23 <DIR> d-------- C:\Program Files\bfgclient
2008-01-14 20:23 . 2008-01-14 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-14 12:50 . 2008-01-14 20:50 <DIR> d-------- C:\Program Files\armagedon 2007
2008-01-14 02:41 . 2008-01-14 12:55 <DIR> d-------- C:\Program Files\Power-Tarot
2008-01-14 01:34 . 2008-01-15 02:49 <DIR> d-------- C:\Program Files\Pro Pinball
2008-01-14 01:29 . 2008-01-14 01:29 <DIR> d-------- C:\Program Files\TLKGAMES
2008-01-14 00:53 . 2008-01-14 00:53 32 --a------ C:\WINDOWS\go
2008-01-13 22:38 . 2008-01-13 23:15 <DIR> d-------- C:\Program Files\3DText
2008-01-13 22:22 . 2008-01-13 23:33 <DIR> d-------- C:\Program Files\Flash Effect Maker
2008-01-13 18:59 . 2008-01-13 18:59 <DIR> d-------- C:\eJay
2008-01-13 01:11 . 2008-01-15 08:54 <DIR> d-------- C:\Program Files\virtual dab
2008-01-13 00:52 . 2008-01-16 20:58 23 --a------ C:\subp.out
2008-01-13 00:52 . 2008-01-16 20:58 0 --a------ C:\subp_data.out
2008-01-13 00:52 . 2008-01-16 20:58 0 --a------ C:\subfilter.out
2008-01-13 00:35 . 2004-05-10 00:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-13 00:35 . 2007-02-07 07:50 77,824 --a------ C:\WINDOWS\system32\FLKill.exe
2008-01-13 00:35 . 2008-01-13 00:35 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-13 00:34 . 2008-01-16 23:31 <DIR> d-------- C:\Program Files\Folder Lock
2008-01-12 22:46 . 2008-01-12 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-12 20:44 . 2008-01-12 20:44 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\Jane s Hotel
2008-01-12 17:25 . 2008-01-12 17:25 <DIR> d-------- C:\Program Files\dloader
2008-01-12 17:25 . 2008-01-12 17:25 <DIR> d-------- C:\Program Files\Conduit
2008-01-12 14:33 . 2008-01-14 01:29 28 --a------ C:\WINDOWS\mscpt.dat
2008-01-12 02:16 . 2008-01-12 02:16 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\Consultia
2008-01-12 01:28 . 2007-09-26 19:37 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll
2008-01-12 01:28 . 2006-03-17 12:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-01-12 01:28 . 2006-03-17 12:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-01-12 01:28 . 2006-03-17 12:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-01-12 01:28 . 2006-03-17 15:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-01-12 01:28 . 2006-03-17 12:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-01-12 01:28 . 2007-09-26 19:37 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\Bassic Technologies
2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bassic Technologies
2008-01-11 15:17 . 2008-01-11 15:17 <DIR> d-------- C:\Program Files\Bassic Technologies
2008-01-11 10:53 . 2008-01-11 10:53 <DIR> d-------- C:\Program Files\Haali
2008-01-11 10:51 . 2008-01-11 10:51 48,414 --a------ C:\WINDOWS\system32\uninst Codec pack Extend (ffdshow, h264, vp56).exe
2008-01-10 12:45 . 2008-01-10 12:45 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-10 09:54 . 2008-01-10 09:54 268 --ah----- C:\sqmdata00.sqm
2008-01-10 09:54 . 2008-01-10 09:54 244 --ah----- C:\sqmnoopt00.sqm
2008-01-10 07:22 . 2008-01-17 01:31 810 --a------ C:\WINDOWS\wincmd.ini
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-10 07:22 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-10 03:11 . 2008-01-11 01:20 <DIR> d-------- C:\Program Files\Winamp
2008-01-10 03:11 . 2008-01-10 03:15 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\Winamp
2008-01-09 06:50 . 2008-01-09 06:50 <DIR> d-------- C:\Program Files\URUSoft
2008-01-08 23:36 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-08 23:36 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-08 23:36 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-08 23:36 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-08 21:37 . 2008-01-08 21:37 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\WtmCDProtect
2008-01-07 18:00 . 2008-01-12 18:48 <DIR> d-------- C:\Documents and Settings\Prle\Application Data\AdobeUM
2008-01-07 17:59 . 2008-01-07 17:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-07 16:23 . 2008-01-07 16:23 182 --a------ C:\WINDOWS\pdf2word.INI
2008-01-07 14:31 . 2008-01-07 14:31 <DIR> d-------- C:\WINDOWS\PrimoPDF
2008-01-07 14:31 . 2006-12-11 21:12 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-01-05 18:17 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-05 18:17 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-01-05 12:41 . 2008-01-05 14:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 14:35 --------- d-----w C:\Program Files\Opera
2007-12-28 09:13 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-26 14:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-26 13:45 --------- d-----w C:\Documents and Settings\Prle\Application Data\ESET
2007-12-26 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-26 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-26 12:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4e072dd-f9ed-48a9-bfeb-281ff450d298}]
2008-01-07 18:38 1530904 --a------ C:\Program Files\dloader\tbdloa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4E072DD-F9ED-48A9-BFEB-281FF450D298}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_CLASSES_ROOT\clsid\{d4e072dd-f9ed-48a9-bfeb-281ff450d298}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D4E072DD-F9ED-48A9-BFEB-281FF450D298}"= C:\Program Files\dloader\tbdloa.dll [2008-01-07 18:38 1530904]

[HKEY_CLASSES_ROOT\clsid\{d4e072dd-f9ed-48a9-bfeb-281ff450d298}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-10-25 09:26 1410304]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 22:12 577536 C:\WINDOWS\soundman.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

C:\Documents and Settings\Prle\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"Start_EnabledDragDrop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-07-06 22:45]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-30 19:39]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:54:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-17 11:11:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Prle\LOCALS~1\Temp\catchme.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-01-17 11:13:18
.
2007-12-30 15:35:57 --- E O F ---

Addendum: 17 Jan 2008 11:23

I forgot to mention that I also can't get into Safe Mode..

Addendum: 17 Jan 2008 11:32

I uploaded the file: C:\Program Files\dloader\tbdloa.dll....

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Nothing malicious...

I'm fairly sure the problems are not caused by malware, but we'll still check a few more things...

Download this file and run it - check whether Safe Mode works now.

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Extract it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use the Paste option in Notepad to transfer it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Copy here for us the contents of those two files we just saved

  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

test 1

GMER 1.0.13.12551 - gmer.net
Rootkit scan 2008-01-17 12:16:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile
SSDT spmm.sys ZwCreateKey
SSDT spmm.sys ZwEnumerateKey
SSDT spmm.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile
SSDT spmm.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess
SSDT spmm.sys ZwQueryKey
SSDT spmm.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile
SSDT spmm.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? spmm.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload F682462C 5 Bytes JMP 863DC348
.text aoti9ev8.SYS F63AC384 1 Byte [ 20 ]
.text aoti9ev8.SYS F63AC386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text aoti9ev8.SYS F63AC3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text aoti9ev8.SYS F63AC3C4 3 Bytes [ 00, 00, 00 ]
.text aoti9ev8.SYS F63AC3C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[452] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[724] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [ C2, 04, 00, 00 ]

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413046] spmm.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7413142] spmm.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74130C4] spmm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74137CE] spmm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136A4] spmm.sys
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KfAcquireSpinLock] 6C000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!READ_PORT_UCHAR] 56000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KeGetCurrentIrql] F4000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KfRaiseIrql] EA000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KfLowerIrql] 65000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!HalGetInterruptVector] 7A000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!HalTranslateBusAddress] AE000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KeStallExecutionProcessor] 08000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!KfReleaseSpinLock] BA000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!READ_PORT_USHORT] 25000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[WMILIB.SYS!WmiSystemControl] B4000000
IAT \SystemRoot\System32\Drivers\aoti9ev8.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F741ED7A] spmm.sys

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE

offline
  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

test 2

GMER 1.0.13.12551 - gmer.net
Autostart scan 2008-01-17 12:21:10
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ekrn /*Eset Service*/@ = "C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindServiceAE /*StarWind AE Service*/@ = C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@egui"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@GrooveMonitor"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@msnmsgr"C:\Program Files\MSN Messenger\msnmsgr.exe" /background = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/C:\Program Files\ESET\ESET Smart Security\shellExt.dll = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
@{ABC70703-32AF-11d4-90C4-D483A70F4825} /*CMenuExtender*/C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll = C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll = C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll = C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll = C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CMenuExtender@{ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET Smart Security\shellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL = C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{d4e072dd-f9ed-48a9-bfeb-281ff450d298}C:\Program Files\dloader\tbdloa.dll = C:\Program Files\dloader\tbdloa.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.daemon-search.com/startpage = daemon-search.com/startpage
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Prle\Start Menu\Programs\Startup >>>
RocketDock.lnk = RocketDock.lnk
TransBar.lnk = TransBar.lnk
UberIcon.lnk = UberIcon.lnk
Y'z Shadow.lnk = Y'z Shadow.lnk

---- EOF - GMER 1.0.13 ----


Safe mode still doesn't work

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file for me: C:\Windows\System32\Drivers\aoti9ev8.SYS

Upload link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------


Repeat the rootkit scan with Gmer (only the first scan) and attach the saved logfile to your post (use the Attach file option).

offline
  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

I can't upload the file aoti9ev8.SYS because I simply can't find it at the path C:\Windows\System32\Drivers\aoti9ev8.SYS. I checked several times..it's definitely not there.........

First scan with Gmer:

Addendum: 18 Jan 2008 6:46


Safe mode still won't start for me....???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

So... There is not a single trace of malware here.

What is causing your problems, I can't tell you. But I am sure they are not caused by malware, so we are done here.
If you like, you can ask for advice in another subforum (e.g. Windows).

Still, I would recommend that you do a Windows Repair and, if that doesn't help, a ''clean'' installation. Of course, it's your decision...

offline
  • Glisic Predrag
  • vet
  • Joined: 05 Oct 2007
  • Posts: 8
  • Location: Mladenovac

Many thanks for the effort you put into helping me and for the advice...all the best in your future work....!!!!!
