Error when booting the system

  • Joined: 29 Jul 2008
  • Posts: 44

This doesn't happen every time, but it reports some error related to the Generic Host process. I suspect some malware; if it's not a problem, could you check it?
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:25, on 5.6.2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kiki\Desktop\aabb\tr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link visible only to logged-in users]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a2436824028e) (gupdate1c9a2436824028e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8530 bytes
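As an added example (not code from the thread, and not part of HijackThis or ComboFix), a small Python triage script for the HijackThis log format pasted above: it parses the entry lines, pulls out the orphaned entries (a registry entry whose file is reported as "(no file)" or "(file missing)"), the O4 autostart values and the O23 services, which is what a log reviewer checks first. The sample log lines, product names, paths and CLSIDs in it are constructed for the demonstration.

```python
"""Triage helper for HijackThis v2 log entries (added example, not tool code).

Parses the 'Rn/On - ...' entry lines and extracts what a reviewer looks at
first: entries whose registered file is gone ('(no file)' / '(file missing)'),
the O4 autostart values and the O23 services, ready to compare against a
known-good list.  Sample lines below are constructed, not from a real machine.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Every entry starts with a section code (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# CLSIDs as HijackThis prints them: {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 bodies look like "<hive>\..\Run: [<value name>] <command>" (also RunOnce).
RUN_RE = re.compile(r"^(?P<hive>[^\[]*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str            # section code, e.g. "O2"
    body: str            # everything after "<code> - "
    guid: Optional[str]  # CLSID carried by the entry, if any
    orphan: bool         # HijackThis could not find the referenced file


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line, None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    g = GUID_RE.search(body)
    return Entry(m.group("code"), body, g.group(0) if g else None,
                 any(mark in body for mark in ORPHAN_MARKERS))


def parse_autostart(entry: Entry) -> Optional[tuple]:
    """Split an O4 body into (hive, key, value name, command)."""
    m = RUN_RE.match(entry.body)
    return m.groups() if m else None


def parse_service(entry: Entry) -> Optional[tuple]:
    """Split an O23 body 'Service: <name> - <company> - <path>' into its parts."""
    parts = entry.body.removeprefix("Service: ").rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(log_text: str) -> dict:
    """Summarise a whole HijackThis log given as one multi-line string."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "counts": Counter(e.code for e in entries),
        # (code, label) of entries pointing at a missing file: leftovers of
        # uninstalled software, safe to fix, but worth listing for the reviewer.
        "orphans": [(e.code, e.body.split(" - ")[0]) for e in entries if e.orphan],
        "autostarts": [a for a in (parse_autostart(e) for e in entries if e.code == "O4") if a],
        "services": [s for s in (parse_service(e) for e in entries if e.code == "O23") if s],
    }


# Constructed sample in the HijackThis format (names, paths and CLSIDs are made up).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Toolbar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\toolbar.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [setup_1] rundll32 advpack.dll,LaunchINFSectionEx setup.inf,C,,4,N (User 'SYSTEM')
O9 - Extra button: Old Game - {99999999-8888-7777-6666-555555555555} - C:\Program Files\OldGame\RunApp.exe (file missing)
O23 - Service: Example Update Service (exupdate) - Example Inc. - C:\Program Files\Example\update.exe
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, items in report.items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, Counter) else items):
            print("  ", item)
```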



  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

The HJT log looks clean, but if you want, we can do one more check.

Download sUBs' ComboFix from one of the following addresses to the Desktop:

Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
close running programs;
disable your protective software (instructions);
double-click ComboFix to run it.

While running, ComboFix will:
  check whether a newer version of the program exists:
    click Yes if offered to download it;
  display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues;
  offer to install the Recovery Console if it is not installed:
    accept by clicking Yes and follow the procedure;
  ask a number of questions or show notifications:
    accept by clicking Yes or OK;
  restart Windows if needed (possibly several times);
  at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.



  • Joined: 29 Jul 2008
  • Posts: 44

ComboFix 09-06-05.09 - Kiki 06.06.2009 19:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1462 [GMT 2:00]
Running from: c:\documents and settings\Kiki\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090605-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

.
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 00:00 . 2009-06-06 00:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-05 23:48 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-05 23:48 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-05 23:48 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-05 23:48 . 2009-06-05 23:48 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-05 23:48 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-05 23:47 . 2009-06-05 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-01 20:58 . 2009-06-01 21:14 -------- d-----w- C:\(zabranjeno)
2009-06-01 08:31 . 2009-06-01 21:17 -------- d-----w- C:\FLEXLM
2009-05-31 18:57 . 2009-05-31 18:57 -------- d-----w- c:\program files\KONAMI
2009-05-27 17:27 . 2009-05-29 21:07 -------- d-----w- c:\program files\Championship Manager 01-02
2009-05-27 17:27 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-27 15:32 . 2009-05-27 15:33 -------- d-----w- c:\program files\Progetto Italiano 1
2009-05-19 23:52 . 2009-05-19 23:52 -------- d-----w- c:\documents and settings\Kiki\Local Settings\Application Data\Help
2009-05-19 20:14 . 2009-05-19 20:57 -------- d-----w- c:\program files\Doom 3
2009-05-19 00:44 . 2009-05-19 00:43 24312696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_1.6.11EN.exe
2009-05-19 00:44 . 2009-05-19 00:44 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-19 00:44 . 2009-05-19 00:44 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-19 00:44 . 2009-05-19 00:44 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-19 00:10 . 2009-06-01 21:22 347608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-19 00:08 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-19 00:08 . 2009-05-19 00:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-19 00:07 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-19 00:07 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-19 00:07 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-19 00:07 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-05-19 00:07 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-05-19 00:07 . 2009-02-09 05:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-19 00:07 . 2009-05-19 00:06 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-05-19 00:06 . 2009-05-19 00:06 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-19 00:06 . 2009-05-19 00:06 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-19 00:06 . 2009-05-19 00:06 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-18 21:15 . 2009-05-18 21:15 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-12 20:25 . 2009-05-12 20:25 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-12 20:25 . 2009-05-12 20:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-08 22:52 . 2009-05-08 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NevoSoft Games
2009-05-08 22:51 . 2009-05-08 22:51 -------- d-----w- C:\games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 17:37 . 2008-03-14 23:00 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4
2009-06-06 00:10 . 2008-04-11 16:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 00:04 . 2008-12-05 18:50 -------- d-----w- c:\program files\Spyware Doctor
2009-06-04 23:48 . 2008-03-02 11:34 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-06-04 22:00 . 2008-03-03 11:36 -------- d-----w- c:\documents and settings\Kiki\Application Data\LimeWire
2009-06-03 03:25 . 2009-03-07 15:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 21:39 . 2009-04-08 02:33 -------- d-----w- c:\program files\Common Files\Alias Shared
2009-06-01 21:39 . 2008-05-19 21:06 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-01 20:43 . 2009-03-20 00:29 -------- d-----w- c:\documents and settings\Kiki\Application Data\Autodesk
2009-06-01 20:41 . 2009-03-14 19:42 -------- d-----w- c:\program files\Autodesk
2009-06-01 08:39 . 2008-05-19 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-27 00:09 . 2008-03-02 21:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-25 01:50 . 2008-03-03 11:16 -------- d-----w- c:\program files\LimeWire
2009-05-20 00:16 . 2009-05-06 02:58 -------- d-----w- c:\documents and settings\Kiki\Application Data\Hoyle Puzzle and Board Games
2009-05-19 20:56 . 2008-03-01 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 00:45 . 2008-03-03 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-19 00:09 . 2008-03-03 22:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-19 00:07 . 2008-03-03 22:04 -------- d-----w- c:\program files\Nokia
2009-05-17 22:36 . 2008-03-03 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-06 02:58 . 2009-05-06 02:58 -------- d-----w- c:\documents and settings\Kiki\Application Data\Hoyle FaceCreator
2009-05-04 23:37 . 2009-05-04 23:37 -------- d-----w- c:\program files\Blade
2009-05-01 21:27 . 2009-05-01 21:27 -------- d-----w- c:\program files\Eagle Dynamics
2009-04-30 23:51 . 2009-04-04 17:44 -------- d-----w- c:\documents and settings\Kiki\Application Data\Microsoft Games
2009-04-30 22:29 . 2008-03-01 14:58 87128 ----a-w- c:\documents and settings\Kiki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 00:53 . 2008-03-02 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-30 00:44 . 2008-03-02 17:36 -------- d-----w- c:\program files\Microsoft Works
2009-04-25 00:36 . 2009-01-26 20:10 -------- d-----w- c:\documents and settings\Kiki\Application Data\DAEMON Tools Lite
2009-04-25 00:35 . 2009-04-25 00:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-04-25 00:35 . 2008-06-22 22:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-24 23:50 . 2008-03-02 17:40 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-23 21:05 . 2009-04-23 21:05 -------- d-----w- c:\program files\Common Files\Softimage
2009-04-23 16:33 . 2008-03-02 18:00 -------- d-----w- c:\program files\Winamp
2009-04-23 15:06 . 2009-04-17 13:38 -------- d-----w- c:\documents and settings\Kiki\Application Data\X-NetStat
2009-04-22 21:11 . 2009-04-22 21:11 -------- d-----w- c:\program files\RapidShare Mass Downloader
2009-04-22 12:23 . 2008-03-26 17:29 -------- d-----w- c:\documents and settings\Kiki\Application Data\Audio Record Edit Toolbox
2009-04-17 13:38 . 2009-04-17 13:38 -------- d-----w- c:\program files\X-NetStat Professional
2009-04-15 20:37 . 2009-04-15 20:37 -------- d-----w- c:\program files\Alwil Software
2009-04-15 20:07 . 2008-04-11 12:34 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-15 19:23 . 2009-03-11 20:44 -------- d-----w- c:\documents and settings\Kiki\Application Data\MAXON
2009-04-09 23:20 . 2009-04-09 23:20 -------- d-----w- c:\program files\iTunes
2009-04-09 23:20 . 2009-04-09 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 23:20 . 2009-04-09 23:20 -------- d-----w- c:\program files\iPod
2009-04-09 23:20 . 2008-03-03 23:07 -------- d-----w- c:\program files\Common Files\Apple
2009-04-09 23:18 . 2008-03-03 23:09 -------- d-----w- c:\program files\Bonjour
2009-04-09 23:18 . 2009-04-09 23:17 -------- d-----w- c:\program files\QuickTime
2009-04-09 22:59 . 2009-04-09 22:59 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 20:02 . 2008-05-28 12:57 -------- d-----w- c:\documents and settings\Kiki\Application Data\Hamachi
2009-04-08 14:34 . 2008-05-27 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-29 12:14 . 2009-03-29 12:14 207872 ----a-w- c:\documents and settings\Kiki\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-03-29 12:14 . 2009-03-29 12:14 207872 ----a-w- c:\documents and settings\Kiki\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-03-29 12:14 . 2009-03-29 12:14 207872 ----a-w- c:\documents and settings\Kiki\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-03-29 12:14 . 2009-03-29 12:14 207872 ----a-w- c:\documents and settings\Kiki\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 02:04 . 2008-11-22 23:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-19 01:56 . 2009-03-19 01:56 152576 ----a-w- c:\documents and settings\Kiki\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-13 20:03 . 2009-03-13 20:03 2141 ----a-w- c:\documents and settings\Kiki\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-03-13 20:03 . 2009-03-13 20:03 2099 ----a-w- c:\documents and settings\Kiki\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-03-13 19:58 . 2009-03-13 19:58 1229 ----a-w- c:\documents and settings\Kiki\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2008-06-23 09:51 . 2008-06-23 09:51 0 --sha-w- c:\windows\SF6315E56.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-11-30 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kiki^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Kiki\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TwonkyMedia"=2 (0x2)
"mi-raysat_3dsmax2010_32"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"gupdate1c9a2436824028e"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/6/2009 1:48 AM 130936]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 2:46 PM 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/15/2009 10:38 PM 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 5:24 PM 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/15/2009 10:38 PM 20560]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [3/2/2008 7:10 PM 291768]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [3/2/2008 7:11 PM 21288]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [3/2/2008 7:11 PM 12568]
S2 gupdate1c9a2436824028e;Google Update Service (gupdate1c9a2436824028e);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 2:17 PM 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/5/2008 8:50 PM 348752]
S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [11/7/2007 4:34 PM 98840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 12:17]

2009-06-06 c:\windows\Tasks\User_Feed_Synchronization-{B7A58281-518D-406B-8F08-F0349F74EE73}.job
- c:\windows\system32\msfeedssync.exe [2007-12-29 03:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kiki\Application Data\Mozilla\Firefox\Profiles\xllmwgap.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 4\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-06-06 19:56
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-436374069-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{03B6550E-15D4-2AF2-3D70-0A74B79B342C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abedbcmgaonbnbeeibofcldbapnlgboojp"=hex:69,61,66,63,67,68,6a,6b,6f,6c,65,6e,
6c,6b,6d,62,6b,70,00,00
"maddgbgangijidmdpliekhkmdm"=hex:6f,61,69,61,64,61,6b,64,6d,6f,6e,6a,68,64,67,
70,65,61,69,6e,6c,6a,64,62,6e,6b,6f,61,61,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\myokent.dll

- - - - - - - > 'lsass.exe'(808-)
c:\windows\system32\myokent.dll
.
Completion time: 2009-06-06 19:59
ComboFix-quarantined-files.txt 2009-06-06 17:59
ComboFix2.txt 2008-12-29 22:18

Pre-Run: 3.837.157.376 bytes free
Post-Run: 3.873.296.384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@kikisp everything here is clean, there are no signs of malware. As for your problem, ask for advice in the Windows forum; a similar problem has already been discussed there. Regards.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text field, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.
