SDFix: Version 1.119
Run by Jo on Wed 12/26/2007 at 09:36 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
FCI
ICF
runtime
Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\system32\svchost.exe:exe.exe
\??\C:\WINDOWS\System32\drivers\runtime.sys
FCI - Deleted
ICF - Deleted
runtime - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Service NdisWon - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\shift.exe.exe - Deleted
C:\DOCUME~1\Jo\LOCALS~1\Temp\0wl.tmp - Deleted
C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\system32\drivers\NdisWon.sys - Deleted
Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 76800 bytes in 3 streams.
Checking for remaining Streams
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2007-12-26 21:43:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kprof]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\kprof"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kprof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\poof"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kprof]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\kprof"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kprof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\poof]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\poof"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\poof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\kprof 7040 bytes executable
C:\WINDOWS\system32\poof 37632 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 2
hidden files: 2
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\bot.exe"="C:\\bot.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 9:55:32 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.19 77.105.0.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
ComboFix 07-12-21.4 - Jo 2007-12-26 21:48:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.89 [GMT 1:00]
Running from: C:\Documents and Settings\Jo\Desktop\ComboFix.exe
.
ADS - explorer.exe: deleted 8 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\WINDOWS\mssadv.dll
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\updates295.exe
C:\WINDOWS\system32\updates298.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_KPROF
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-26 21:35 . 2007-12-26 21:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-25 21:53 . 2007-12-25 21:53 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-25 14:39 . 2007-12-26 21:17 69,632 --a------ C:\WINDOWS\system32\csrssw.dll
2007-12-25 14:39 . 2007-12-25 14:39 23,806 --a------ C:\WINDOWS\disnisa.config
2007-12-25 14:38 . 2007-12-25 14:38 135,168 --a------ C:\WINDOWS\disnisa.exe
2007-12-25 14:38 . 2007-12-25 14:38 72,192 --a------ C:\bot.exe
2007-12-25 14:38 . 2007-12-25 21:53 36 --a------ C:\WINDOWS\system32\svchost.t__
2007-12-25 14:37 . 2007-12-25 14:37 28,672 --a------ C:\Documents and Settings\Jo\xXx.exe
2007-12-25 14:37 . 2007-12-25 14:37 6,144 --a------ C:\Documents and Settings\Jo\ie_updates3r.exe
2007-12-25 14:37 . 2007-12-26 14:03 418 --a------ C:\WINDOWS\system32\svchost.tmp
2007-12-18 14:56 . 2007-12-18 14:56 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2007-12-14 14:50 . 2007-12-14 14:51 0 --a------ C:\dump_dvd.vob
2007-12-11 23:16 . 2007-12-11 23:24 <DIR> d-------- C:\Program Files\Nostalgija.com
2007-12-10 22:00 . 2007-12-26 01:00 <DIR> d-------- C:\Program Files\eMule
2007-12-08 18:59 . 2007-12-08 18:59 <DIR> d-------- C:\WINDOWS\Sun
2007-11-30 12:27 . 2007-11-30 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-30 12:15 . 2006-11-06 06:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2007-11-30 12:14 . 2007-11-30 12:14 <DIR> d--h----- C:\Program Files\CanonBJ
2007-11-30 12:14 . 2007-11-30 12:27 <DIR> d-------- C:\Program Files\Canon
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 20:51 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-25 19:18 16,896 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-25 13:43 58,368 ----a-w C:\WINDOWS\system32\spoolsv.exe
2007-12-25 13:43 505,856 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-25 13:43 14,336 ----a-w C:\WINDOWS\system32\lsass.exe
2007-12-25 13:43 110,080 ----a-w C:\WINDOWS\system32\services.exe
2007-12-25 13:43 1,034,240 ----a-w C:\WINDOWS\explorer.exe
2007-12-09 20:55 --------- d-----w C:\Program Files\Electronic Arts
2007-11-29 10:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 10:55 --------- d-----w C:\Program Files\P2P_Energy
2007-11-04 16:58 9,216 ----a-w C:\WINDOWS\system32\drivers\uji3otqy.sys
2007-11-04 16:58 7,168 ----a-w C:\WINDOWS\system32\drivers\uti3otqy.sys
2007-11-03 01:18 --------- d-----w C:\Program Files\Soulseek-Test
2007-11-02 12:20 --------- d-----w C:\Program Files\Secured_eMule
2007-10-28 19:57 --------- d-----w C:\Program Files\MV2Player
2007-10-28 19:54 893,537 ----a-w C:\Program Files\MV2Player_06[1].010.exe
2007-10-28 17:27 --------- d-----w C:\Documents and Settings\Jo\Application Data\BitTorrent Pro
2007-10-28 16:53 --------- d-----w C:\Program Files\Java
2007-10-28 16:49 --------- d-----w C:\Program Files\Common Files\Java
2007-10-28 14:27 --------- d-----w C:\Program Files\Bullfrog
2007-10-20 19:27 30,720 ----a-w C:\WINDOWS\internt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 12:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 12:17 1326104]
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 23:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"SoundMan"=" SOUNDMAN.EXE" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-09-11 14:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-25 21:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-25 21:53]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" []
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" []
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2007-12-25 21:53]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"disnisa"="C:\WINDOWS\disnisa.exe" [2007-12-25 14:38]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
S3trayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-02-08 00:40]
R3 wanusb;Conexant USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 09:31]
S3 AVZ;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3otqy.sys [2007-11-04 17:58]
S3 AVZSG;AVZ-SG Kernel Driver;C:\WINDOWS\system32\Drivers\uji3otqy.sys [2007-11-04 17:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-26 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-26 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 05:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-12-02 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-13 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\D544LLws.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2007-12-26 21:51:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
Completion time: 2007-12-26 21:52:53 - machine was rebooted