MyCity » Ambulanta -> Arhiva Ambulante » Molim za pomoč

Molim za pomoč

Napisano na dan: 11.7.2008

Strana:
1
2

Molim za pomoč

Sledeća strana

Pagination

Odgovori

Strana:
1
2

cenejac Poslao: 11 Jul 2008 23:20 Idi na vrh
offline cenejac Novi MyCity građanin Pridružio: 25 Avg 2007 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zarazio sam PC nekakvi virusom. Ne radi mi nijedan antivirusni program (koristim NOD), probao sam i NOD-om online. Ne radi mi ni Adaware. Kod NOD-a piše da skenuje ali se ne završi. Ne radi ni apdejt - iako ga pokrenem, poslednji mi se put apdejtovao 7.7. Isto tako ne mogu da stignem na c:documents and settings. Ako mi neko pomogne, bio bih mu puno zahvalan (izvinjavam se na srbskom, ali živim u Sloveniji). Logfile of HijackThis v1.99.1 Scan saved at 23:11:41, on 11/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Uporabnik\My Documents\adware2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\TBPanel.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Uporabnik\My Documents\vremenko\Vremenko\vremenko.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\drivers\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SEC\MagicTune3.6\GammaTray.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\SEC\MagicTune3.6\MagicTune.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Uporabnik\Desktop\antivirus program\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici] O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzji.exe] C:\WINDOWS\system32\kdzji.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Vremenko] C:\Documents and Settings\Uporabnik\My Documents\vremenko\Vremenko\vremenko.exe O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Color Calibration.lnk = ? O4 - Global Startup: MagicTune 3.6.lnk = ? O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Documents and Settings\Uporabnik\My Documents\adware2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Profil

bobby Poslao: 11 Jul 2008 23:28 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, i ne brini zbog jezika - odlicno se razumemo Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

cenejac Poslao: 12 Jul 2008 01:07 Idi na vrh
offline cenejac Novi MyCity građanin Pridružio: 25 Avg 2007 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokušao sam skinuti sa sva tri linka. Kod prvog mi je napisao kao da skenira ali više od pola sat ništa se nije desavalo, a kod druga dva nije mi ni počeo skenirat jer je javio kao korupted file. Ima utisak, da je nešto gadno...

Profil

bobby Poslao: 12 Jul 2008 22:35 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni ponovo HijackThis, odaberi Do a system scan only i stikliraj polje ispred sledece linije: O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe Klikni Fix checked Nakon toga restartuj racunar. Napravi novi log uz pomoc HijackThisa, pa ga postavi ovde. Nakon toga probaj da skines ponovo i startujes ComboFix i da postavis ovde log onako kako je gore objasnjeno.

Profil

cenejac Poslao: 12 Jul 2008 23:48 Idi na vrh
offline cenejac Novi MyCity građanin Pridružio: 25 Avg 2007 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 23:13, on 2008-07-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Uporabnik\Desktop\antivirus program\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici] O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzji.exe] C:\WINDOWS\system32\kdzji.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Vremenko] C:\Documents and Settings\Uporabnik\My Documents\vremenko\Vremenko\vremenko.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Color Calibration.lnk = ? O4 - Global Startup: MagicTune 3.6.lnk = ? O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Sad moram da radim u safe modu jer mi se u običnom stalno gasi... Dopuna: 12 Jul 2008 23:48 ComboFix 08-07-11.1 - Uporabnik 2008-07-12 23:17:42.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.774 [GMT 2:00] Running from: C:\Documents and Settings\Uporabnik\Desktop\antivirus program\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Uporabnik\Application Data\tmp1222.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp12A5.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp210.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp211.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp43B.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp7E.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp9BA.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmp9D9.tmp.exe C:\Documents and Settings\Uporabnik\Application Data\tmpB5.tmp.exe C:\WINDOWS\config.ini C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\msettings.ini C:\WINDOWS\system32\dn506eaa76.dat C:\WINDOWS\system32\drivers\svchost.exe C:\WINDOWS\system32\kdzji.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DOMAINSERVICE ((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))) . 2008-07-12 22:01 . 2008-07-12 22:01 <DIR> d-------- C:\Program Files\Lavasoft 2008-07-12 22:01 . 2008-07-12 22:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-11 13:39 . 2008-07-11 13:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-07-09 14:14 . 2008-07-12 17:54 <DIR> d-------- C:\Program Files\Panda Security 2008-07-06 17:20 . 2002-07-12 21:04 0 --a------ C:\WINDOWS\Sysvxd.exe 2008-07-03 15:55 . 2008-07-03 15:55 <DIR> d-------- C:\Documents and Settings\KARIN\Application Data\pdf995 2008-07-02 22:15 . 2008-07-02 22:29 <DIR> d-------- C:\Documents and Settings\Uporabnik\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-12 21:22 --------- d-----w C:\Documents and Settings\Uporabnik\Application Data\Skype 2008-07-12 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-12 15:53 --------- d-----w C:\Program Files\eMule 2008-07-11 22:17 90,112 ----a-w C:\WINDOWS\DUMP4093.tmp 2008-07-11 14:26 90,112 ----a-w C:\WINDOWS\DUMP37d8.tmp 2008-07-11 14:25 90,112 ----a-w C:\WINDOWS\DUMP3b82.tmp 2008-07-11 13:55 90,112 ----a-w C:\WINDOWS\DUMP39fb.tmp 2008-07-06 17:11 --------- d-----w C:\Documents and Settings\Uporabnik\Application Data\BitTorrent 2008-07-03 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995 2008-05-26 14:36 --------- d-----w C:\Documents and Settings\KARIN\Application Data\AdobeUM 2008-05-25 08:57 --------- d-----w C:\Program Files\Google 2008-05-24 17:51 --------- d-----w C:\Documents and Settings\KARIN\Application Data\Skype 2008-05-24 17:40 --------- d-----w C:\Documents and Settings\KARIN\Application Data\Teleca 2007-10-06 07:38 2,768 ----a-w C:\Documents and Settings\Uporabnik\Application Data\ViewerApp.dat . ------- Sigcheck ------- 2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2004-08-04 03:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-08-17 12:03 359808 537f2982b94ee78f3d12415aae6c10b8 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2006-08-17 12:03 359808 537f2982b94ee78f3d12415aae6c10b8 C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:50 68856] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-11-01 02:34 43008] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-23 00:31 25388584] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] "Vremenko"="C:\Documents and Settings\Uporabnik\My Documents\vremenko\Vremenko\vremenko.exe" [2006-07-14 10:26 4426752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 03:07 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 03:07 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 03:07 455168] "Gainward"="C:\WINDOWS\TBPanel.exe" [2005-06-07 09:45 2043904] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-02-28 15:39 98304] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-18 11:34 180269] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6\GammaTray.exe [2006-12-17 11:21:57 36864] MagicTune 3.6.lnk - C:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe [2006-12-17 11:22:03 45056] NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-12-17 11:21:01 155715] NOD32 FiX.lnk - C:\WINDOWS\system32\regedt32.exe [2004-08-04 03:07:00 3584] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-06-20 19:10:34 151552] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-06-20 19:10:31 106496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.rsy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\msiexec.exe"= "C:\\Documents and Settings\\Uporabnik\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\Program Files\\StreamerOne\\StreamerOne.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\PPLive\\PPLive.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= S1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21113e10-f06a-11dc-8762-00508dd7fc0f}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-07-05 22:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-03 23:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-04 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-07 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-08 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 09:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-09 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 14:00:00 C:\WINDOWS\Tasks\At41.job" s ¨!×. \- C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-12 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\Gkxl2fBV.exe "2008-07-11 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\Gkxl2fBV.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe HKCU-Run-Tronteljcek - (no file) HKLM-Run-C:\WINDOWS\system32\kdzji.exe - C:\WINDOWS\system32\kdzji.exe HKLM-Run-NWEReboot - (no file) ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-07-12 23:22:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\SEC\MagicTune3.6\MagicTune.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe . ************************************************************************ . Completion time: 2008-07-12 23:26:57 - machine was rebooted [Uporabnik] ComboFix-quarantined-files.txt 2008-07-12 21:26:52 Pre-Run: 18,381,041,664 bytes free 23 imenikov 20,001,189,888 prosto bajtov 221

Profil

bobby Poslao: 13 Jul 2008 01:56 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\system32\Gkxl2fBV.exe C:\WINDOWS\system32\drivers\kcp.sys C:\WINDOWS\Sysvxd.exe Driver:: kcp Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

cenejac Poslao: 13 Jul 2008 13:45 Idi na vrh
offline cenejac Novi MyCity građanin Pridružio: 25 Avg 2007 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Opet mi ne radi combofix. Kad ga upalim, kao da skenira ali za pola sata ništa drugo ne javlja... Inače - da čekiram, da li sam dobro razumeo postupak. Iskopirao sam gore naveden zeleni deo i prilepio ga u notepad. Notepad fajl sahranio sam na desktopu kao CFScript. A onda sam učinio to što je nacrtano na slici. Inače - kompjute mi sada izgleda normalan. Mogao sam instalirati NOD, koji je pronašao i obrisao tri virusa. Pokrenuo sam i adaware, a mogu i normalno pristupati svim mapama...

Profil

bobby Poslao: 13 Jul 2008 15:27 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobro si razumeo postupak. Jako mi je bitno da vidim nov ComboFix log, da bih se uverio da je sve sredjeno. Naime, imas u Task Sheduleru postavljeno da ti startuje na svaki okrugli sat (12:00, 13:00 itd) jedan program za koji ja sumnjam da je malware. Bitno je da na kompu nista ne radis dok ComboFix skenira. Takodje, NOD32 se ne voli sa ComboFixom, pa je neophodno da iskljucis NOD32 dok ComboFix skenira: * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Znaci, jako mi je bitno da mi postavis novi ComboFix log.

Profil

cenejac Poslao: 13 Jul 2008 19:17 Idi na vrh
offline cenejac Novi MyCity građanin Pridružio: 25 Avg 2007 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-11.1 - Uporabnik 2008-07-13 19:03:54.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.604 [GMT 2:00] Running from: C:\Documents and Settings\Uporabnik\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Uporabnik\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\drivers\kcp.sys C:\WINDOWS\system32\Gkxl2fBV.exe C:\WINDOWS\Sysvxd.exe C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Sysvxd.exe C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kcp ((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))) . 2008-07-13 06:57 . 2008-07-13 06:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-07-12 22:01 . 2008-07-12 22:01 <DIR> d-------- C:\Program Files\Lavasoft 2008-07-12 22:01 . 2008-07-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-11 13:39 . 2008-07-11 13:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-07-09 14:14 . 2008-07-12 17:54 <DIR> d-------- C:\Program Files\Panda Security 2008-07-03 15:55 . 2008-07-03 15:55 <DIR> d-------- C:\Documents and Settings\KARIN\Application Data\pdf995 2008-07-02 22:15 . 2008-07-02 22:29 <DIR> d-------- C:\Documents and Settings\Uporabnik\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-13 17:08 --------- d-----w C:\Documents and Settings\Uporabnik\Application Data\Skype 2008-07-13 05:10 --------- d-----w C:\Program Files\ESET 2008-07-12 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-12 15:53 --------- d-----w C:\Program Files\eMule 2008-07-11 22:17 90,112 ----a-w C:\WINDOWS\DUMP4093.tmp 2008-07-11 14:26 90,112 ----a-w C:\WINDOWS\DUMP37d8.tmp 2008-07-11 14:25 90,112 ----a-w C:\WINDOWS\DUMP3b82.tmp 2008-07-11 13:55 90,112 ----a-w C:\WINDOWS\DUMP39fb.tmp 2008-07-06 17:11 --------- d-----w C:\Documents and Settings\Uporabnik\Application Data\BitTorrent 2008-07-03 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995 2008-05-26 14:36 --------- d-----w C:\Documents and Settings\KARIN\Application Data\AdobeUM 2008-05-25 08:57 --------- d-----w C:\Program Files\Google 2008-05-24 17:51 --------- d-----w C:\Documents and Settings\KARIN\Application Data\Skype 2008-05-24 17:40 --------- d-----w C:\Documents and Settings\KARIN\Application Data\Teleca 2007-10-06 07:38 2,768 ----a-w C:\Documents and Settings\Uporabnik\Application Data\ViewerApp.dat . ------- Sigcheck ------- 2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2004-08-04 03:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-08-17 12:03 359808 537f2982b94ee78f3d12415aae6c10b8 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2006-08-17 12:03 359808 537f2982b94ee78f3d12415aae6c10b8 C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-12 21:21:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-13 17:07:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2002-07-13 05:00:38 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys + 2002-07-13 05:00:38 245,760 ----a-w C:\WINDOWS\system32\imon.dll + 2002-07-13 05:00:38 114,688 ----a-w C:\WINDOWS\system32\nms32.dll - 2008-07-12 21:22:01 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT + 2008-07-13 17:07:29 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:50 68856] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-11-01 02:34 43008] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-23 00:31 25388584] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968] "Vremenko"="C:\Documents and Settings\Uporabnik\My Documents\vremenko\Vremenko\vremenko.exe" [2006-07-14 10:26 4426752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 03:07 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 03:07 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 03:07 455168] "Gainward"="C:\WINDOWS\TBPanel.exe" [2005-06-07 09:45 2043904] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768] "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-02-28 15:39 98304] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-18 11:34 180269] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-28 18:01 847872] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 77824 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6\GammaTray.exe [2006-12-17 11:21:57 36864] MagicTune 3.6.lnk - C:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe [2006-12-17 11:22:03 45056] NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-12-17 11:21:01 155715] NOD32 FiX.lnk - C:\WINDOWS\system32\regedt32.exe [2004-08-04 03:07:00 3584] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-06-20 19:10:34 151552] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-06-20 19:10:31 106496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.rsy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\msiexec.exe"= "C:\\Documents and Settings\\Uporabnik\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "C:\\Program Files\\StreamerOne\\StreamerOne.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\PPLive\\PPLive.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21113e10-f06a-11dc-8762-00508dd7fc0f}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . - - - - ORPHANS REMOVED - - - - HKLM-Run-C:\WINDOWS\system32\kdzji.exe - C:\WINDOWS\system32\kdzji.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-07-13 19:07:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\imon.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\SEC\MagicTune3.6\MagicTune.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe . ************************************************************************ . Completion time: 2008-07-13 19:12:31 - machine was rebooted [Uporabnik] ComboFix-quarantined-files.txt 2008-07-13 17:12:27 ComboFix2.txt 2008-07-12 21:26:58 Pre-Run: 19,848,982,528 bytes free 23 imenikov 19,876,364,288 prosto bajtov 220

Profil

bobby Poslao: 13 Jul 2008 19:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako se sada komp ponasa? Ima li jos simptoma?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Molim za pomoč

Ko je trenutno na forumu

Ukupno su 1142 korisnika na forumu :: 48 registrovanih, 2 sakrivenih i 1092 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AirSremac, AK - 230, Aleksandar Tomić, Avalon015, bbrasnjo3, bobomicek, Bookie90, BOXRR, Brankojle, Burovnyak, Colt D, dekan.m, Djokislav, Duk011, gagidjuric, Goran 0000, gost321, Goxy1, Hitri, Imperator_Aleksandr_lll, Ir, Jeremiah, Litostroton, Macalone, Martin543, maxim_von_burdengate, mercedesamg, OgnjenMitric, Papadubi, Prečanin30, raster12, redstar72, Rogan33, ruma, sap, SDsd, Sniperman, Solunac na steroidima, Srna, Tastatura ratnik, tubular, Vatreni Zmaj, voja64, VPV, Zastava, Zimbabwe, Zoran1959, Ćuk

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by