Is this a virus?

offline
  • Joined: 25 Apr 2006
  • Posts: 46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:37, on 29.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\xp pro\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E6D8F073-C95F-4CD3-91EB-AC9983C27C88} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 82.117.200.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 5906 bytes



About a month ago a problem with disc burning appeared: one stops halfway through, and the other burns at maximum speed for about 1 hour. I also have a problem with media players, which started at the same time as the above: playback runs, but without sound. I had the same problem before and got help here, so I am asking for help again, since I think the computer is infected with viruses.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

offline
  • Joined: 25 Apr 2006
  • Posts: 46

ComboFix 09-01-21.04 - xp pro 2009-01-30 8:39:37.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1630 [GMT 1:00]
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.

2009-01-28 14:38 . 2009-01-28 16:42 <DIR> d-------- c:\program files\ESET
2009-01-22 11:10 . 2009-01-22 18:33 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-22 11:06 . 2009-01-22 11:06 <DIR> d-------- c:\program files\Lavasoft
2009-01-22 11:06 . 2009-01-22 11:06 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-22 11:06 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-21 12:36 . 2009-01-21 12:38 <DIR> d-------- c:\program files\The KMPlayer
2009-01-17 11:03 . 2009-01-22 11:37 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 11:51 . 2009-01-16 11:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-14 19:58 . 2009-01-14 19:58 146 --a------ c:\windows\system32\test.aok
2009-01-14 19:49 . 2009-01-14 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-14 19:40 . 2009-01-14 19:42 3,652 --a------ c:\windows\desctemp.dat
2009-01-14 17:44 . 2009-01-14 17:44 <DIR> d-------- c:\program files\QuickTime
2009-01-14 17:29 . 2009-01-14 17:29 <DIR> d-------- c:\documents and settings\xp pro\.Nokia
2009-01-14 17:28 . 2009-01-14 17:29 <DIR> d--h----- c:\program files\Zero G Registry
2009-01-14 17:28 . 2009-01-14 17:28 <DIR> d--h----- c:\documents and settings\xp pro\InstallAnywhere
2009-01-14 02:26 . 2009-01-14 02:26 <DIR> d-------- c:\program files\Pure Networks
2009-01-10 21:44 . 2009-01-10 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-10 21:41 . 2009-01-10 21:41 <DIR> d-------- c:\program files\IVT Corporation
2009-01-09 20:41 . 2009-01-22 11:12 <DIR> d-------- c:\windows\Luxor 4 - Quest for the Afterlife
2009-01-09 20:41 . 2009-01-09 20:43 <DIR> d-------- c:\program files\Luxor 4 - Quest for the Afterlife
2009-01-09 13:41 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-09 13:41 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-01-09 12:26 . 2009-01-30 08:35 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-01-09 11:48 . 2009-01-09 11:48 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-09 11:48 . 2009-01-09 11:48 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-09 11:48 . 2009-01-09 11:48 <DIR> d-------- c:\program files\City Interactive
2009-01-09 11:48 . 2009-01-09 11:48 <DIR> d-------- c:\program files\aHisoft
2009-01-09 11:48 . 2009-01-30 08:38 <DIR> d-------- C:\My Videos
2009-01-09 11:48 . 2009-01-09 22:42 <DIR> d-------- C:\games
2009-01-09 11:48 . 2009-01-09 11:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\aHisoft
2009-01-09 11:18 . 2009-01-09 11:47 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF(2).TMP
2009-01-08 15:42 . 2009-01-14 13:10 <DIR> d-------- c:\program files\SolSuite
2009-01-08 15:40 . 2009-01-09 11:22 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-08 15:37 . 2009-01-08 15:37 <DIR> d-------- c:\program files\Escape From Paradise
2009-01-08 15:36 . 2009-01-08 15:36 <DIR> d-------- c:\program files\XP Repair Pro 2007
2009-01-08 15:36 . 2009-01-09 12:04 <DIR> d-------- c:\program files\Jardinains!
2009-01-08 15:36 . 2009-01-22 11:35 <DIR> d-------- c:\program files\GameHouse
2009-01-07 21:45 . 2009-01-07 21:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\InterAction studios
2009-01-05 13:21 . 2009-01-05 13:21 3,400 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-01-04 21:20 . 2009-01-04 21:20 <DIR> d-------- c:\documents and settings\xp pro\Application Data\VMware
2008-12-30 14:21 . 2009-01-08 15:39 <DIR> d-------- c:\program files\X3mE Yamb
2008-12-30 14:09 . 2008-12-30 14:09 24 --a------ c:\windows\popcinfot.dat
2008-12-30 01:22 . 2009-01-08 15:39 <DIR> d-------- c:\program files\Weather Watcher Live
2008-12-30 01:22 . 2008-12-30 01:28 <DIR> d-------- c:\documents and settings\xp pro\Application Data\WeatherWatcherLive
2008-12-28 18:56 . 2008-12-28 18:56 <DIR> d-------- c:\windows\Logs
2008-12-28 18:39 . 2008-12-28 18:39 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-24 20:51 . 2009-01-08 15:41 <DIR> d-------- c:\documents and settings\xp pro\Application Data\vlc
2008-12-24 20:50 . 2008-12-24 20:50 <DIR> d-------- c:\program files\VideoLAN
2008-12-24 20:35 . 2008-12-24 20:35 <DIR> d-------- c:\program files\Gabest
2008-12-24 18:20 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-24 17:20 . 2008-12-24 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\JollyBear
2008-12-24 15:01 . 2008-12-24 15:09 <DIR> d-------- c:\documents and settings\xp pro\Application Data\SolSuite
2008-12-24 15:01 . 2009-01-09 11:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\TreeCardGames
2008-12-10 22:14 . 2009-01-08 15:43 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Hoyle Puzzle and Board Games
2008-12-10 22:14 . 2009-01-08 15:43 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Hoyle FaceCreator
2008-12-05 16:54 . 2009-01-13 12:51 250 --a------ c:\windows\gmer.ini
2008-12-03 12:39 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 07:33 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2009-01-28 16:03 --------- d-----w c:\program files\Puzzle Express
2009-01-21 18:53 --------- d-----w c:\program files\Valve
2009-01-14 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-12 21:47 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso
2009-01-12 21:46 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2009-01-12 21:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-12 21:46 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2009-01-12 12:14 --------- d-----w c:\program files\Video Convert Premier
2009-01-09 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-01-09 10:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-01-08 14:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 14:38 --------- d-----w c:\program files\ToGo Game
2009-01-08 14:37 --------- d-----w c:\program files\uTorrent
2008-12-29 12:18 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-09 09:38 --------- d-----w c:\program files\YouTubeRobot
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software
2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 11:46 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Netsweeper
2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe
2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

------- Sigcheck -------

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 00:14 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-22 507224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\xp pro\Start Menu\Programs\Startup\
æTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-07-10 220164]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2008-07-07 307200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-22 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-04-23 33800]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R4 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-07-07 279552]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
R4 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-07-07 25984]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-22 18:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E6D8F073-C95F-4CD3-91EB-AC9983C27C88} - (no file)
HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
HKCU-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe
HKCU-Run-nodenable - c:\program files\eset\nodenable.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/english/
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\RobotExt.ocx/LINK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27} = 82.117.200.6
FF - ProfilePath - c:\documents and settings\xp pro\Application Data\Mozilla\Firefox\Profiles\ftjliinr.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-30 08:39:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{586A8F2C-7720-628A-1D0A-FFF4789DE6D3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgbmbjhdkkafdalk"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"halkdppjcapfhpfh"=hex:6a,61,69,61,65,6c,62,65,6d,6b,66,6d,6c,6f,61,6c,70,6d,
6e,6c,00,00
"eadhfclbnd"=hex:61,61,00,7c
"eajfbpbcmp"=hex:61,61,00,7c

[HKEY_USERS\S-1-5-21-1645522239-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A69BA63-A6A3-1087-816D-8AF284205586}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nadfdmhlofdifbmcnjjpcgfhnpge"=hex:6a,61,67,61,66,6d,6b,6b,61,6a,64,69,70,6c,
6c,6f,6e,63,69,65,00,00
"majffmmmejphpbnmikpamopigk"=hex:6a,61,67,61,6a,6d,6f,6d,65,62,69,61,65,69,61,
61,64,6b,61,69,00,00
.
Completion time: 2009-01-30 8:41:23
ComboFix-quarantined-files.txt 2009-01-30 07:41:21

Pre-Run: 65,817,747,456 bytes free
Post-Run: 65,807,781,888 bytes free

210

Addendum: 30 Jan 2009 8:46

That is after disabling NOD32 and Ad-Aware.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is clean.

Are you sure the problem is not with the hardware?
Have you checked the temperatures and the power supply voltages?
If not, find the program SpeedFan online and post a screenshot here so I can look at the results.

offline
  • Joined: 25 Apr 2006
  • Posts: 46

img220.imageshack.us/my.php?image=310120091255uz9.jpg

Addendum: 31 Jan 2009 12:36

That is the current temperature, and otherwise the computer does not shut down.

Addendum: 31 Jan 2009 12:38


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It seems SpeedFan cannot cope with the sensors on your motherboard.

Download HWInfo32 from here:
http://www.hwinfo.com/download32.html

Install it, run it, switch to Sensor Monitor at the top, then post a screenshot of that screen.

offline
  • Joined: 25 Apr 2006
  • Posts: 46

dodaj.rs/f/1R/d3/2WnW7KQ4/310120091257.jpg
That's it. When I check the devices, which are Pioneer SATA, the drivers appear to be in order. Maybe something is hiding there?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry, but since viruses are not the issue here, this is no longer a topic for Ambulanta.

I would say you have a hardware problem. Either the power supply is on its last legs, or it is the electrolytic capacitors on the motherboard.
The voltages shown in the last screenshot are very unstable.

offline
  • Joined: 25 Apr 2006
  • Posts: 46

OK, I will check with the seller, since the machine is still under warranty. In any case, thanks.
