Activity on the computer even when I'm not doing anything


  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

Here I am again! Hello everyone!

Lately my internet speed has visibly dropped, both download and upload!

Also, when I'm not doing anything on the computer, I can hear activity in the processor as if the computer is constantly working on something, and the fan almost never shuts off; I can hear the activity but I don't see it in the processes and I can't see anywhere what the problem is!

Takodjer cest ose desava da ne mogu iskljuciti racunar na Shut down,vec mmoram izvrsiti odjavu korisnika pa ponovo prijavu d bih ugasio racunar!

About 20 days ago NOD found and deleted two trojans; I think this started happening since then!

I need help, thanks in advance, here is the HT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:02, on 3/12/2007
Platform: Windows XP SP2 (WinNT X.XX.XXXX)
MSIE: Internet Explorer v7.00
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = radiovalter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zlclient.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....9303579359
O17 - HKLM\System\CCS\Services\Tcpip\..\{905279FD-2B8E-4217-B9A4-43034847B80A}: NameServer = 194.154.192.101,194.154.192.102
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9034 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear, which you will copy here for us.

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

OK, so after ComboFix finished everything and produced the log, I couldn't connect to the internet or MSN at all, so I had to restart, and here I am after the restart!
After the restart this appeared on my taskbar and I can't maximize it to see what it is, and I have no idea what it is; it only gives the option "Close":

What is this about? What is this mhotkey problem?

Here is the ComboFix log too:

ComboFix 07-12-02.7 - PB 2007-12-03 22:56:44.3 - NTFSx86
Microsoft Windows XP Professional[GMT 1:00]
Running from: D:\NOVI DOWNLOADI\PROGRAMI\MyCity programi za viruse\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 11:26 . 2007-08-07 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast
2007-11-30 18:35 . 2007-11-30 18:35 <DIR> d-------- C:\Program Files\iTunes
2007-11-30 18:35 . 2007-11-30 18:35 <DIR> d-------- C:\Program Files\iPod
2007-11-30 18:33 . 2007-11-30 18:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-29 01:24 . 2007-11-29 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-11-29 01:23 . 2007-11-29 01:23 <DIR> d-------- C:\Program Files\RFA Platinum
2007-11-28 00:20 . 2007-11-28 00:20 <DIR> d-------- C:\Video Recordings
2007-11-28 00:20 . 2007-11-28 00:20 <DIR> d-------- C:\Program Files\ZD Soft
2007-11-27 00:11 . 2007-11-27 00:11 35,365 --a------ C:\WINDOWS\system32\uninstHelixYUV.exe
2007-11-26 22:50 . 2007-11-26 22:51 <DIR> d-------- C:\Program Files\SCREEN2EXE
2007-11-26 01:08 . 2007-11-26 07:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-25 20:26 . 2007-11-25 20:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-25 18:23 . 2007-11-25 18:23 <DIR> d-------- C:\Program Files\DivoCodec
2007-11-24 01:19 . 2007-11-24 01:19 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-23 00:13 . 2007-11-23 00:42 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 1(2)
2007-11-22 03:25 . 2004-08-10 15:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2007-11-22 03:25 . 2007-11-22 03:25 218,624 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-11-21 01:45 . 2007-11-21 01:45 <DIR> d-------- C:\Documents and Settings\PB\Application Data\Smart PC Solutions
2007-11-20 03:14 . 2007-11-29 01:21 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2007-11-20 01:32 . 2007-11-20 01:32 <DIR> d-------- C:\Program Files\CCleaner
2007-11-16 14:17 . 2007-11-16 14:17 <DIR> d-------- C:\Program Files\Mutilate File Wiper
2007-11-16 14:09 . 2007-11-16 14:09 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-11-16 13:50 . 2007-11-16 13:50 <DIR> d-------- C:\Documents and Settings\PB\Application Data\iolo
2007-11-16 11:59 . 2007-11-16 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-16 11:58 . 2007-11-16 11:58 <DIR> d-------- C:\Program Files\Nero
2007-11-16 11:58 . 2007-11-16 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-10 19:47 . 2007-11-10 19:47 <DIR> d-------- C:\Documents and Settings\PB\Application Data\dvdcss
2007-11-09 15:00 . 2007-11-09 15:00 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-11-08 16:52 . 2007-11-08 16:52 <DIR> d-------- C:\Program Files\Azureus
2007-11-08 16:52 . 2007-11-27 14:50 <DIR> d-------- C:\Documents and Settings\PB\Application Data\Azureus
2007-11-08 16:52 . 2007-11-08 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-06 21:23 . 2007-11-06 21:23 240,248 --a------ C:\WINDOWS\system32\wpcap.dll
2007-11-06 21:22 . 2007-11-06 21:22 88,696 --a------ C:\WINDOWS\system32\Packet.dll
2007-11-06 21:22 . 2007-11-06 21:22 68,224 --a------ C:\WINDOWS\system32\WanPacket.dll
2007-11-06 21:22 . 2007-11-06 21:22 34,064 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-11-06 21:19 . 2007-11-06 21:19 53,299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2007-11-03 12:23 . 2007-11-03 12:25 <DIR> d-------- C:\Program Files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 21:58 336,472,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-03 20:39 3,946,256 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-03 16:57 --------- d-----w C:\Program Files\VoipCheapCom
2007-11-30 17:34 --------- d-----w C:\Program Files\QuickTime
2007-11-28 02:00 --------- d-----w C:\Program Files\MSN Webcam Recorder
2007-11-26 22:04 --------- d-----w C:\Program Files\WinPcap
2007-11-26 00:11 --------- d-----w C:\Program Files\Free Audio Pack
2007-11-26 00:10 --------- d-----w C:\Program Files\Easy DVD Creator
2007-11-26 00:09 --------- d-----w C:\Program Files\ARWizard3
2007-11-26 00:06 --------- d-----w C:\Program Files\Lavasoft
2007-11-25 19:25 --------- d-----w C:\Program Files\Common Files\Real
2007-11-22 02:25 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-21 00:45 --------- d-----w C:\Program Files\Smart PC Solutions
2007-11-17 00:42 --------- d-----w C:\Documents and Settings\PB\Application Data\Audacity
2007-11-16 10:59 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-16 00:09 --------- d-----w C:\Documents and Settings\PB\Application Data\Uniblue
2007-11-13 12:35 --------- d-----w C:\Documents and Settings\PB\Application Data\Apple Computer
2007-11-10 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 01:09 --------- d-----w C:\Program Files\Animated Banner Maker for GIF
2007-11-03 11:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-03 03:58 --------- d-----w C:\Program Files\Windows Live
2007-11-03 03:54 --------- d-----w C:\Program Files\Solway's Internet TV and Radio
2007-11-03 03:54 --------- d-----w C:\Program Files\RM to AVI MPEG WMV VCD SVCD DVD Converter
2007-11-03 03:52 --------- d-----w C:\Program Files\LimeWire
2007-11-02 10:49 --------- d-----w C:\Program Files\DivX
2007-11-02 10:22 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-02 00:15 --------- d-----w C:\Program Files\URUSoft
2007-11-01 01:00 --------- d-----w C:\Program Files\Opera 9.5 beta
2007-10-31 21:37 3,604 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-31 20:22 3,402,353 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-10-30 23:11 --------- d-----w C:\Program Files\Trend Micro
2007-10-30 18:31 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-30 07:36 --------- d-----w C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-10-29 22:19 --------- d-----w C:\Program Files\Total Video Converter
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 10:53 --------- d-----w C:\Program Files\Jasc Software Inc
2007-10-23 10:53 --------- d-----w C:\Documents and Settings\PB\Application Data\Jasc
2007-10-22 22:34 --------- d-----w C:\Program Files\Flash Banner Creator
2007-10-22 18:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-22 18:47 --------- d-----w C:\Program Files\vTuner
2007-10-22 18:47 --------- d-----w C:\Program Files\Easy CD-DA Extractor 7
2007-10-21 17:22 --------- d-----w C:\Program Files\Opera
2007-10-18 23:34 --------- d-----w C:\Program Files\Intelore
2007-10-13 20:10 --------- d-----w C:\Program Files\Bingo RM to MP3 Wave Converter
2007-10-07 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-10-07 12:27 --------- d-----w C:\Program Files\Winamp
2007-10-07 11:09 --------- d-----w C:\Program Files\Java
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-05-20 11:38 17,666,560 ----a-w C:\Program Files\mysql-essential-5.0.27-win32.msi
2007-04-14 21:07 2,645,994 ----a-w C:\Program Files\HDELUXEV14.exe
2007-02-05 20:04 28,399,752 ----a-w C:\Program Files\FileFormatConverters.exe
2007-01-31 11:36 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
2007-01-26 18:02 136,863 ----a-w C:\Program Files\mwsbar.zip
2007-01-26 05:04 4,964,776 ----a-w C:\Program Files\Windows-KB890830-V1.24.exe
2007-01-20 17:27 415,784 ----a-w C:\Program Files\msgr8us.exe
2007-01-20 13:39 16,332,072 ----a-w C:\Program Files\Install_Messenger_nous.exe
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-05-02 17:29]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 11:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 C:\WINDOWS\RTHDCPL.exe]
"DriveIcons"="C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 20:44]
"NECHotkey"="mHotkey.exe" [2006-01-11 11:29 C:\WINDOWS\mHotkey.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"OmniPass"="C:\Apps\Softex\OmniPass\scureapp.exe" [2005-08-12 19:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-21 18:39]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 15:00 C:\WINDOWS\system32\rundll32.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-25 20:25]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00]

C:\Documents and Settings\PB\Start Menu\Programs\Startup\
zlclient.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-09-20 07:18:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll 2005-08-12 18:01 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PB^Start Menu^Programs^Startup^msnmsgr.lnk]
backup=C:\WINDOWS\pss\msnmsgr.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
2005-10-20 07:15 102400 --a------ C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2005-11-17 10:51 975360 --a------ C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"ose"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NBService"=3 (0x3)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R2 SrvCDEject;SrvCDEject;C:\Program Files\Packard Bell\SrvCDEject.exe
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys
S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 Aspi;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-03 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
"2007-12-03 20:43:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-03 20:25:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- D:\PROGRAMI\RegistrySmart\RegistrySmart.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-12-03 22:59:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 23:00:18
C:\ComboFix2.txt ... 2007-10-31 21:03
C:\ComboFix3.txt ... 2007-10-31 19:37
.
--- E O F ---

Update: 04 Dec 2007 18:56

So I posted the ComboFix log above for you last night, along with those two problems that appeared after the ComboFix scan and restart!?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You already had that mHotkey in the first log:
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
It's certainly not something that appeared because of the ComboFix scan.

I'm interested in the contents of the following folder:
C:\Documents and Settings\All Users\Application Data\Manager Thunk Bows Cast
Can you tell me which files are in that folder?
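The helper's reasoning here is a log comparison: look the entry up in the earlier HijackThis log before blaming the latest tool run. As an added example (not from this thread, HijackThis or ComboFix), the Python below parses the O2/O4 lines of a HijackThis log, flags the two kinds of entry worth a second look in this thread (a BHO pointing at "(no file)" and Run entries that give a bare file name such as mHotkey.exe without a path, so the binary has to be located before it can be judged), and diffs two logs to show which entries are actually new. The first log is lines copied from the post above; the second log and its [ExampleNew] entry are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread (O2 and O4 sections).
LOG_EARLIER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed follow-up log for the same machine: the [ExampleNew] entry is
# invented for this demonstration and does not appear anywhere in the thread.
LOG_LATER = r"""
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ExampleNew] C:\Documents and Settings\PB\example.exe
"""

# O4: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# O2: "O2 - BHO: <display name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")


@dataclass
class AutostartEntry:
    section: str    # "O2" (browser helper object) or "O4" (Run key / Startup)
    name: str       # value name in the Run key, or BHO display name
    target: str     # command line (O4) or DLL path (O2)
    hive: str = ""  # registry location, O4 only


def parse_hjt(text: str) -> List[AutostartEntry]:
    """Extract O2 and O4 entries; the other HijackThis sections are ignored here."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(AutostartEntry("O4", m["name"], m["target"], m["hive"]))
            continue
        m = O2_RE.match(line)
        if m:
            entries.append(AutostartEntry("O2", m["name"], m["target"]))
    return entries


def executable_of(command: str) -> str:
    """First token of a command line, honouring a quoted path that contains spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def review_entry(entry: AutostartEntry) -> Optional[str]:
    """A short note for entries that deserve a closer look, or None if unremarkable."""
    if entry.target.strip() == "(no file)":
        return "orphaned: the registry still references a DLL that no longer exists"
    if "\\" not in executable_of(entry.target):
        # e.g. [NECHotkey] mHotkey.exe: with no path, HijackThis alone cannot tell
        # you which file runs; ComboFix resolved this one to C:\WINDOWS\mHotkey.exe.
        return "bare file name without a path: locate the binary before judging it"
    return None


def flagged_names(text: str) -> List[str]:
    """Names of all entries in a log that review_entry() comments on."""
    return [e.name for e in parse_hjt(text) if review_entry(e)]


def new_entries(earlier: str, later: str) -> List[AutostartEntry]:
    """Entries present in the later log but absent from the earlier one."""
    seen = {(e.section, e.name.lower()) for e in parse_hjt(earlier)}
    return [e for e in parse_hjt(later) if (e.section, e.name.lower()) not in seen]


if __name__ == "__main__":
    for e in parse_hjt(LOG_EARLIER):
        note = review_entry(e)
        if note:
            print(f"{e.section} [{e.name}] {e.target}: {note}")
    for e in new_entries(LOG_EARLIER, LOG_LATER):
        print(f"new since the first log: {e.section} [{e.name}] {e.target}")
```

Run against the two embedded logs it reports the orphaned BHO and the two path-less Run entries, and shows that NECHotkey is not new while the constructed ExampleNew entry is.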

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

Possibly, but what is that mHotkey and what should I do in future when it appears, since there's no option to see what it's about, only to close it, and it reports it as some kind of error related to that mHotkey?

There's nothing in the folder, it's empty - 0 bytes!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

mHotkey is responsible for the multimedia keys on Chicony keyboards.

Delete that empty folder; it belonged to the LOP infection that your antivirus apparently removed.

The rest of the logs are OK. As for the internet speed, it's quite possible that one of those many programs you have was doing an update.

Download NetLimiter 2 Monitor: http://www.netlimiter.com
In it you can see in detail which process is using how much bandwidth, so you can get an idea of where the problem is.

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

Thanks Bobby, so if this mHotkey appears like this again at startup, it's not a problem at all and I should just close it with "Close", or?

As for this:
"Also, it often happens that I can't turn the computer off via Shut Down; I have to log off the user and log back on in order to shut the computer down!"

did the virus do damage somewhere and in something?
What should I do about it, what is the issue and what is it down to? How do I eliminate that problem?

Thanks again!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

If you have extra keys on the keyboard (Volume +/- etc.), it's quite possible they won't work if you remove mHotkey.

As for the shutdown, I have no idea. You could try in the Windows forum.
Alternatively, try Shut Down, and when it "refuses", open Task Manager and take a screenshot. It's quite possible you have a program that refuses to close. A long time ago I had similar problems with the program MotherboardMonitor.

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

OK, thanks again Bobby, I'll try the Windows forum for this.

Happy computing :D
