No icons on the desktop


  • Joined: 06 May 2008
  • Posts: 90

When the system boots there are no icons. If I boot into safe mode
everything is there as normal; when I restart, the icons appear but are only
partly active, and the Start menu with the taskbar icons is frozen for the next
ten minutes. Judging by the sound and the slowdown it seems infected, but NOD
can't detect anything.

Logfile of HijackThis v1.99.1
Scan saved at 5:05:48 PM, on 15-Jul-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stamenko\Desktop\Lek\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {444FC7D1-8F08-4377-B39B-4D75AE0E9F70} - C:\WINDOWS\system32\efcCvUll.dll
O2 - BHO: (no name) - {7672928A-995C-4DFC-B143-C6143CF7E02C} - C:\WINDOWS\system32\mlJAtUOI.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D10F9757-D136-49B2-B081-3CE3DAE4438C} - C:\WINDOWS\system32\ddcCVPff.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM39412636] Rundll32.exe "C:\WINDOWS\system32\rlusyprn.dll",s
O4 - HKLM\..\Run: [3a7215aa] rundll32.exe "C:\WINDOWS\system32\pmimnmtt.dll",b
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [2c8c1ed6] rundll32.exe "C:\WINDOWS\system32\fyvkfhde.dll",b
O4 - HKLM\..\Run: [BM2fbf2d4a] Rundll32.exe "C:\WINDOWS\system32\rlusyprn.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4231977837
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC33E2EC-BDAB-485B-9C5F-9C0423EB064B}: NameServer = 77.46.137.2
O20 - Winlogon Notify: efcCvUll - C:\WINDOWS\SYSTEM32\efcCvUll.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Service - Unknown owner - C:\Program Files\BIEN Soft\dxflines\dxflines.exe (file missing)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure these options are checked:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes Anti-Malware
* Then click Finish.

After the update completes, the program will start.
Select Perform Quick Scan and click Scan.
When the scan finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; paste it into the thread on the forum.
If a restart happens at the end of the cleanup, the logfile will be available on the Logs tab (select it and click Open).

After that, post a fresh HijackThis log as well.

  • Joined: 06 May 2008
  • Posts: 90

Malwarebytes' Anti-Malware 1.20
Database version: 953
Windows 5.1.2600 Service Pack 2

5:55:36 PM 15-Jul-08
mbam-log-7-15-2008 (17-55-36).txt

Scan type: Quick Scan
Objects scanned: 43651
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 14
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcCVPff.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fyvkfhde.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\uvpdwtpw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\efcCvUll.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d10f9757-d136-49b2-b081-3ce3dae4438c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d10f9757-d136-49b2-b081-3ce3dae4438c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SystemErrorFixerDownloader (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccvull (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c8c1ed6 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm39412636 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2fbf2d4a (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3a7215aa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccvpff -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccvpff -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ddcCVPff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ffPVCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffPVCcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyvkfhde.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\edhfkvyf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\survhsgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgshvrus.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvpdwtpw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wptwdpvu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlusyprn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxhgxong.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbaypogy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmcfthwq.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\efcCvUll.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\BM2fbf2d4a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM39412636.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM2fbf2d4a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM39412636.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Update: 15 Jul 2008 18:53

I forgot the logfile; the state of the computer is the same.

Logfile of HijackThis v1.99.1
Scan saved at 6:46:29 PM, on 15-Jul-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stamenko\Desktop\Lek\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7672928A-995C-4DFC-B143-C6143CF7E02C} - C:\WINDOWS\system32\mlJAtUOI.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4231977837
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC33E2EC-BDAB-485B-9C5F-9C0423EB064B}: NameServer = 77.46.137.2
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Service - Unknown owner - C:\Program Files\BIEN Soft\dxflines\dxflines.exe (file missing)
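Added example, not part of the thread and not code from HijackThis, Malwarebytes or ComboFix: a small Python triage-and-diff helper for HijackThis 1.99 logs. It embeds constructed subsets of the two logs posted above (the 5:05 PM log before any cleanup and the 6:46 PM log after the MBAM run), flags the entries a helper would ask about, and reports which entries disappeared between the two logs. The heuristics are my own assumptions tuned to what is visible in this thread: 8-letter pseudo-random DLL names in system32, Run values named with 8 hex digits (optionally prefixed BM), nameless BHOs, Winlogon Notify DLLs, and a custom NameServer. They are a triage aid, not a verdict.

```python
import re

ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
SYS32_DLL = re.compile(r"\\system32\\([A-Za-z]{8})\.dll", re.IGNORECASE)
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]")
GENERATED_VALUE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")

# Constructed subset of the 5:05 PM log posted above (before any cleanup).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {444FC7D1-8F08-4377-B39B-4D75AE0E9F70} - C:\WINDOWS\system32\efcCvUll.dll
O2 - BHO: (no name) - {7672928A-995C-4DFC-B143-C6143CF7E02C} - C:\WINDOWS\system32\mlJAtUOI.dll (file missing)
O2 - BHO: (no name) - {D10F9757-D136-49B2-B081-3CE3DAE4438C} - C:\WINDOWS\system32\ddcCVPff.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM39412636] Rundll32.exe "C:\WINDOWS\system32\rlusyprn.dll",s
O4 - HKLM\..\Run: [3a7215aa] rundll32.exe "C:\WINDOWS\system32\pmimnmtt.dll",b
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [2c8c1ed6] rundll32.exe "C:\WINDOWS\system32\fyvkfhde.dll",b
O4 - HKLM\..\Run: [BM2fbf2d4a] Rundll32.exe "C:\WINDOWS\system32\rlusyprn.dll",s
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC33E2EC-BDAB-485B-9C5F-9C0423EB064B}: NameServer = 77.46.137.2
O20 - Winlogon Notify: efcCvUll - C:\WINDOWS\SYSTEM32\efcCvUll.dll
"""

# Constructed subset of the 6:46 PM log posted above (after MBAM and a reboot).
LOG_AFTER = r"""
O2 - BHO: (no name) - {7672928A-995C-4DFC-B143-C6143CF7E02C} - C:\WINDOWS\system32\mlJAtUOI.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC33E2EC-BDAB-485B-9C5F-9C0423EB064B}: NameServer = 77.46.137.2
"""


def parse_hjt(text):
    """Return [(section, body)] for every HJT entry line (R0, O2, O4, ...)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random(name):
    """Assumed heuristic for an 8-letter generated file name: almost no vowels,
    or upper-case letters after the first character (efcCvUll, ddcCVPff).
    Genuine 8-letter DLLs such as browseui or setupapi pass as normal."""
    vowels = sum(c in "aeiouAEIOU" for c in name)
    mixed_case = any(c.isupper() for c in name[1:])
    return vowels <= 2 or mixed_case


def triage(entries):
    """Return [(section, reason, body)] for entries that need a second look."""
    findings = []
    for section, body in entries:
        m = SYS32_DLL.search(body)
        random_dll = bool(m and looks_random(m.group(1)))
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry, target no longer on disk")
        elif section == "O4":
            v = RUN_VALUE.match(body)
            if v and GENERATED_VALUE.match(v.group(1)):
                reasons.append("generated Run value name")
            if random_dll and "rundll32" in body.lower():
                reasons.append("rundll32 loads random-named system32 DLL")
        elif section == "O2" and body.startswith("BHO: (no name)") and random_dll:
            reasons.append("nameless BHO backed by random-named system32 DLL")
        elif section == "O20" and random_dll:
            reasons.append("Winlogon Notify DLL with random name (runs inside winlogon.exe)")
        elif section == "O17":
            reasons.append("custom DNS server, confirm it belongs to the ISP")
        if reasons:
            findings.append((section, "; ".join(reasons), body))
    return findings


def diff_logs(before, after):
    """Entries that the cleanup removed, and entries that newly appeared."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    return removed, added


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for section, reason, body in triage(before):
        print(f"[{section}] {reason}\n    {body}")
    removed, added = diff_logs(before, after)
    print(f"\n{len(removed)} entries removed, {len(added)} added after cleanup")
    for section, reason, body in triage(after):
        print(f"still present [{section}] {reason}: {body[:70]}")
```

Run it against the full logs by replacing the two constants with the pasted text. The diff only tells you what HijackThis no longer lists; an entry that is gone from the Run key can still leave its DLL on disk, which is why a second scanner is usually run after the reboot.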

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.

  • Joined: 06 May 2008
  • Posts: 90

ComboFix scanned, the computer restarted, and the system did not come up;
the desktop is black with this message:

Invalid system disk
Replace the disk, and then press any key

Update: 15 Jul 2008 21:37

ComboFix 08-07-14.2 - stamenko 2008-07-15 20:26:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT 2:00]
Running from: C:\Documents and Settings\stamenko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\beotijbm.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ddcCVPff.dll
C:\WINDOWS\system32\efcCvUll.dll
C:\WINDOWS\system32\ejywtkga.ini
C:\WINDOWS\system32\ffPVCcdd.ini
C:\WINDOWS\system32\ffPVCcdd.ini2
C:\WINDOWS\system32\ftehgrht.ini
C:\WINDOWS\system32\fyvkfhde.dll
C:\WINDOWS\system32\icactwks.ini
C:\WINDOWS\system32\IOUtAJlm.ini
C:\WINDOWS\system32\IOUtAJlm.ini2
C:\WINDOWS\system32\iutikhge.dll
C:\WINDOWS\system32\iwmmkdkp.ini
C:\WINDOWS\system32\jeqjmpfe.ini
C:\WINDOWS\system32\khqhoxku.ini
C:\WINDOWS\system32\kislgwgu.ini
C:\WINDOWS\system32\kurjaaeq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ourmvduc.ini
C:\WINDOWS\system32\ovskmjfk.ini
C:\WINDOWS\system32\pgkaeema.dll
C:\WINDOWS\system32\qdxjykhw.ini
C:\WINDOWS\system32\tmcfthwq.dll
C:\WINDOWS\system32\ttmnmimp.ini
C:\WINDOWS\system32\uvpdwtpw.dll
C:\WINDOWS\system32\vjyeyxfl.ini
C:\WINDOWS\system32\xyjpaaue.ini
C:\WINDOWS\system32\yxjdykvr.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 17:45 . 2008-07-15 17:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 17:45 . 2008-07-15 17:45 <DIR> d-------- C:\Documents and Settings\stamenko\Application Data\Malwarebytes
2008-07-15 17:45 . 2008-07-15 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 17:45 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 17:45 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 00:19 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-12 00:18 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-12 00:13 . 2008-07-12 00:13 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-12 00:13 . 2008-07-12 00:13 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-12 00:13 . 2008-07-12 00:13 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-12 00:13 . 2008-07-12 00:13 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-12 00:13 . 2008-07-12 00:13 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-12 00:13 . 2008-07-12 00:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-12 00:01 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-07-12 00:01 . 2001-08-23 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-12 00:00 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-12 00:00 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-07-12 00:00 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-12 00:00 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-11 23:50 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-07-11 23:48 . 2001-08-23 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-07-11 23:48 . 2001-08-23 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-11 23:48 . 2001-08-23 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-07-11 23:48 . 2001-08-23 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-11 23:08 . 2008-07-14 18:16 535,707,648 --a------ C:\WINDOWS\MEMORY.DMP
2008-07-10 21:36 . 2008-07-13 14:12 <DIR> d--hs---- C:\FOUND.018
2008-07-05 22:13 . 2008-07-11 21:53 10,037,419 --a------ C:\Program Files\MasterCAM_X2_v11_SP1-CYGiSO_keygen.zip
2008-07-04 23:31 . 2008-07-04 23:31 <DIR> d-------- C:\Program Files\PowerISO
2008-07-03 23:03 . 2008-07-03 23:03 <DIR> d-------- C:\Fluent.Inc
2008-06-29 22:46 . 2008-06-29 22:46 <DIR> d-------- C:\Documents and Settings\stamenko\Application Data\vlc
2008-06-29 22:41 . 2008-06-29 22:41 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-29 21:49 . 2008-06-29 21:49 819,961,801 --a------ C:\3D Studio Max 9 + Tutorials and Keygen.uif.fb!
2008-06-27 22:36 . 2008-06-27 22:36 <DIR> d-------- C:\Documents and Settings\stamenko\Application Data\Moyea
2008-06-27 22:35 . 2008-06-27 22:35 <DIR> d-------- C:\Program Files\Moyea
2008-06-27 18:12 . 2008-06-27 18:12 <DIR> d--hs---- C:\FOUND.017
2008-06-22 16:40 . 2008-06-22 16:40 <DIR> d-------- C:\Mcam9
2008-06-21 17:25 . 2008-06-21 17:25 <DIR> d--hs---- C:\FOUND.016
2008-06-20 18:14 . 2008-06-20 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2008-06-20 13:58 . 2008-06-20 13:58 <DIR> d--hs---- C:\FOUND.015
2008-06-19 16:49 . 2008-06-19 16:49 <DIR> d--hs---- C:\FOUND.014
2008-06-18 00:38 . 2008-06-18 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-18 00:32 . 2008-06-18 00:32 <DIR> d-------- C:\Program Files\Bonjour
2008-06-18 00:19 . 2008-06-18 00:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-18 00:13 . 2008-06-18 00:13 <DIR> d-------- C:\Program Files\Adobe CS3
2008-06-16 23:19 . 2008-06-16 23:19 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-06-16 22:41 . 2004-08-04 00:56 61,440 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2008-06-16 22:41 . 2004-08-04 00:56 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
2008-06-16 22:41 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2008-06-16 22:24 . 2004-07-17 11:45 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:10 --------- d-----w C:\Program Files\UltimateZip
2008-07-13 14:18 --------- d-----w C:\Program Files\FlashGet
2008-07-13 12:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 12:12 --------- d-----w C:\Documents and Settings\stamenko\Application Data\uTorrent
2008-07-12 20:04 522 ---ha-w C:\os765059.bin
2008-06-13 14:14 --------- d-----w C:\Program Files\Rainbow Technologies
2008-06-13 14:09 --------- d-----w C:\Program Files\ArtCAM Pro 8
2008-06-12 14:32 397 ----a-w C:\Program Files\CNC 3d Upravljac.lnk
2008-06-12 12:40 8,704 --sha-w C:\Program Files\Thumbs.db
2008-06-11 08:03 --------- d-----w C:\Program Files\SETUP
2008-06-11 08:03 --------- d-----w C:\Program Files\Help
2008-06-10 12:07 --------- d-----w C:\Program Files\free-downloads.net
2008-06-10 04:11 --------- d-----w C:\Documents and Settings\stamenko\Application Data\Thinstall
2008-06-07 06:03 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-03 19:36 --------- d-----w C:\Program Files\Optimik
2008-06-03 12:52 --------- d-----w C:\Program Files\Blender Foundation
2008-06-03 12:52 --------- d-----w C:\Documents and Settings\stamenko\Application Data\Blender Foundation
2008-05-23 22:51 --------- d-----w C:\Program Files\gCAD3D
2008-05-20 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-05-17 20:55 --------- d-----w C:\Program Files\Filzip
2007-12-09 05:24 2,492 ----a-w C:\Documents and Settings\stamenko\Application Data\ViewerApp.dat
2006-08-18 18:25 5,040 ----a-w C:\Program Files\LazyCamsDocs.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-28 16:50 917504]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 11:07 65536]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"MsmqIntCert"="mqrt.dll" [2004-08-03 22:56 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk]
path=C:\Documents and Settings\stamenko\Start Menu\Programs\Startup\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-08-25 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:29 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
--a------ 2004-01-19 11:07 65536 C:\WINDOWS\ATK0100\Hcontrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-15 10:40 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--a------ 2005-07-14 11:40 413696 C:\Program Files\TP-LINK\TWCU\TWCU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2004-08-03 22:56 177152 C:\WINDOWS\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FreezeScreenSaver"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\ASUS\\AP Utilities\\Wireless.exe"=
"C:\\Documents and Settings\\STAMENKO\\Application Data\\Thinstall\\CatiaV5Lite\\400000c00002i\\CNEXT.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\stamenko\\Desktop\\utorrent-1.8-alpha-8682.upx.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2005-10-31 17:50]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2006-06-02 22:48]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 19:00]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\System32\drivers\io.sys [2006-01-25 03:27]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Mach2;Mach2 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach2.sys [2003-11-08 02:44]
R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-03-16 06:07]
R3 Pulser;CNC Pulseing Service;C:\WINDOWS\system32\Drivers\Pulser.sys [2002-05-02 23:49]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]
S3 zlportio;zlportio;C:\Program Files\cp09632\temp\zlportio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{167c5650-3e09-11dd-9264-000e352bce89}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c7e1c0-37a0-11dd-9230-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52931fd0-0d84-11dd-91ef-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78bec810-3f5e-11dd-926a-000e352bce89}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccebc070-51bc-11dd-92ee-000e352bce89}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0e8d0b1-0150-11dd-91d9-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1cf2570-48da-11dd-92a6-000e352bce89}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5731930-4480-11dd-9290-c313f52fbdc0}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 19:29:00 C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-07-08 07:00:02 C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-07-15 14:00:00 C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-07-11 14:00:02 C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
.
- - - - ORPHANS REMOVED - - - -

BHO-{7672928A-995C-4DFC-B143-C6143CF7E02C} - C:\WINDOWS\system32\mlJAtUOI.dll
MSConfigStartUp-3a7215aa - C:\WINDOWS\system32\survhsgj.dll
MSConfigStartUp-BM39412636 - C:\WINDOWS\system32\nbaypogy.dll
MSConfigStartUp-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-15 21:13:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\INCDSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-15 21:15:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 19:15:40
ComboFix2.txt 2008-06-17 13:20:34

Pre-Run: 34,537,762,816 bytes free
Post-Run: 34,544,005,120 bytes free

274 --- E O F --- 2008-07-02 19:19:20


Nothing has improved.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I don't see anything problematic here (apart from the fact that you consume pirated software on a large scale, which is probably the cause of the regular recurrence of the same infections).


Download Dr.Web CureIt (~ 10 MB).
Restart the computer in Safe Mode (instructions for Safe Mode)

Double-click cureit.exe, after which the introductory window appears - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect it by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click, and Dr.Web CureIt will start the scan

If malware is found, allow the program to disinfect it by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and, in the menu that opens, click Move incurable:

When the process is complete, click File > Save report list and save the log on the Desktop

Paste the contents of the Dr.Web CureIt log into the forum thread.


-------------------------------------------------------------------------------------


After that, from Normal Mode...

Download gmer.zip from this link and save it on the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.

  • Joined: 06 Maj 2008
  • Posts: 90

RemoveWGA.exe;C:\Download;Tool.RemoveWGA;Incurable.Moved.;
RemoveWGA.exe;C:\Download\_AntiGenuine;Tool.RemoveWGA;Incurable.Moved.;
0R0G0GAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.16;Deleted.;
1AMIWTCA.NQF;C:\Program Files\Eset\infected;Trojan.Winfixer;Deleted.;
1LVEMLDA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
2QFB1RCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
2UTCTTAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
31DSIYAA.NQF;C:\Program Files\Eset\infected;Trojan.Winfixer;Deleted.;
3Z1RP2DA.NQF\pwdump2\pwdump2.exe;C:\Program Files\Eset\infected\3Z1RP2DA.NQF;Tool.Pwdump;;
3Z1RP2DA.NQF\pwdump2\samdump.dll;C:\Program Files\Eset\infected\3Z1RP2DA.NQF;Tool.Pwdump;;
3Z1RP2DA.NQF;C:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
4S34SMCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.16;Deleted.;
4UL3QLBA.NQF;C:\Program Files\Eset\infected;Trojan.Fakealert.482;Deleted.;
5AQOMUAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
5NVLFNAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.367;Deleted.;
A2NSS1BA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.269;Deleted.;
AK1CXYAA.NQF\pwdump2\pwdump2.exe;C:\Program Files\Eset\infected\AK1CXYAA.NQF;Tool.Pwdump;;
AK1CXYAA.NQF\pwdump2\samdump.dll;C:\Program Files\Eset\infected\AK1CXYAA.NQF;Tool.Pwdump;;
AK1CXYAA.NQF;C:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
BXSPUPBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.12;Incurable.Moved.;
C3FFZQCA.NQF;C:\Program Files\Eset\infected;Trojan.AVKill.408;Deleted.;
CEWOMODA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based;Incurable.Moved.;
CZTOE2AA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
D3CNZRBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.365;Deleted.;
DD2YPOAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.274;Deleted.;
DNRXQ1BA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.422;Deleted.;
DURQILCA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
EYNCDDBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
FURYVOBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.12;Incurable.Moved.;
H0SR5RAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.13;Incurable.Moved.;
H0USDIBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.260;Deleted.;
HLEOYVCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based;Incurable.Moved.;
HYZH2QDA.NQF\data002;C:\Program Files\Eset\infected\HYZH2QDA.NQF;BackDoor.Poison;;
HYZH2QDA.NQF;C:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
IIMTSDDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
JJBJNHDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.375;Deleted.;
JPBVQQBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
JXE2VJCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
KGUZFYAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
KUUQZDCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.280;Deleted.;
LGBZL1DA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.280;Deleted.;
LIWLEFDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
LKUFVDAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
LTSGMGDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based;Incurable.Moved.;
M3EVD0DA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
MN5JGUAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based;Incurable.Moved.;
MXDYT1DA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
NHLQ2YBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
NZ1ENNCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
OATLYZDA.NQF\data006;C:\Program Files\Eset\infected\OATLYZDA.NQF;Adware.OneStep;;
OATLYZDA.NQF\data007;C:\Program Files\Eset\infected\OATLYZDA.NQF;Adware.OneStep;;
OATLYZDA.NQF;C:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
OIYFWQCA.NQF;C:\Program Files\Eset\infected;Trojan.Winfixer;Deleted.;
OQRXL3CA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.16;Deleted.;
PASALBBA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
POUL3CCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
PT03YRCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.365;Deleted.;
PUCYUEAA.NQF;C:\Program Files\Eset\infected;Trojan.DownLoader.10963;Deleted.;
QQAV10CA.NQF;C:\Program Files\Eset\infected;Trojan.Fakealert;Deleted.;
QQYMYPCA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
QXJ5BOBA.NQF;C:\Program Files\Eset\infected;Trojan.Winfixer;Deleted.;
R41XU3AA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
RSSDY1AA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
SOMOKFDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.280;Deleted.;
SVIZVCDA.NQF;C:\Program Files\Eset\infected;Trojan.Fakealert.512;Deleted.;
T0SVM5DA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.354;Deleted.;
TBYBLRAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.16;Deleted.;
TDTOKKAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
TTEQUOCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.274;Deleted.;
U5XDB1DA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.346;Deleted.;
US1T4HCA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
V5B4UNCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
VF33DYAA.NQF;C:\Program Files\Eset\infected;Trojan.Winfixer;Deleted.;
VFWDDPDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
VW4MEOCA.NQF;C:\Program Files\Eset\infected;Adware.Winfixer;Incurable.Moved.;
WCLWRCDA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.13;Incurable.Moved.;
WFMQJEAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.13;Incurable.Moved.;
WMA3PZBA.NQF;C:\Program Files\Eset\infected;Trojan.DownLoader.59074;Deleted.;
WSYYJAAA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.21;Deleted.;
XALLWFDA.NQF;C:\Program Files\Eset\infected;Trojan.Fakealert.512;Deleted.;
XOO05ODA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.318;Deleted.;
Z35YXFCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.280;Deleted.;
iutikhge.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
kurjaaeq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
pgkaeema.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
yxjdykvr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
A0000028.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP1;Trojan.Virtumod.based.21;Deleted.;
A0010351.exe\is154233.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP2\A0010351.exe;Trojan.Virtumod.based.11;;
A0010351.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP2;Archive contains infected objects;Moved.;
A0010357.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP2;Trojan.Virtumod.based.21;Deleted.;
A0015506.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Virtumod.based.21;Deleted.;
A0015507.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Virtumod.based.21;Deleted.;
A0015508.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Virtumod.based.21;Deleted.;
A0015511.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Virtumod.based.21;Deleted.;
A0015542.EXE;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Program.PsExec.170;Incurable.Moved.;
A0015585.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4\A0015585.exe;Program.PsExec.171;;
A0015585.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Archive contains infected objects;Moved.;
A0015586.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Click.18705;Deleted.;
A0015587.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Click.18705;Deleted.;
A0015588.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Trojan.Click.18705;Deleted.;
A0015589.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;BackDoor.Pigeon.13433;Deleted.;
A0015590.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4\A0015590.exe;Program.PsExec.171;;
A0015590.exe;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP4;Archive contains infected objects;Moved.;
webinst.dll;C:\WINDOWS\Downloaded Program Files;Trojan.Fakealert.878;Deleted.;
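Reading a Dr.Web CureIt report like the one above is easier with a small parser. The following is an added example for this thread (not code from the forum, from dr_Bora, or from Dr.Web): it reads the semicolon-separated lines in the format posted (object;path;threat;action;), treats an `archive\member` object as a hit nested inside an archive (such lines carry an empty action, the action being recorded on the archive's own line), and separates hits that sit in quarantine or restore-point folders from those found elsewhere. The list of quarantine folders and the sample lines are assumptions of this example, modelled on the paths visible in the posted log.

```python
"""Parse and triage a Dr.Web CureIt report.

Added example for this thread; not code from the forum or from Dr.Web.
Line format as seen in the posted report:  object;path;threat;action;
An object detected inside an archive is written as archive\\member and has
an empty action: the action is recorded on the enclosing archive's own line.
"""
from collections import Counter

# Assumption of this example: files under these folders were already
# quarantined by another tool (ESET, ComboFix) or live in a restore point,
# so a hit there is old evidence rather than an active infection.
QUARANTINE_MARKERS = (
    r"\Eset\infected",
    r"\QooBox\Quarantine",
    r"\System Volume Information\_restore",
)

# Constructed sample in the shape of the report posted above.
SAMPLE_REPORT = r"""
RemoveWGA.exe;C:\Download;Tool.RemoveWGA;Incurable.Moved.;
3Z1RP2DA.NQF\pwdump2\pwdump2.exe;C:\Program Files\Eset\infected\3Z1RP2DA.NQF;Tool.Pwdump;;
3Z1RP2DA.NQF;C:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
4S34SMCA.NQF;C:\Program Files\Eset\infected;Trojan.Virtumod.based.16;Deleted.;
iutikhge.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
A0000028.dll;C:\System Volume Information\_restore{97D99E7B-989A-4A02-A025-606C5DBB1C42}\RP1;Trojan.Virtumod.based.21;Deleted.;
webinst.dll;C:\WINDOWS\Downloaded Program Files;Trojan.Fakealert.878;Deleted.;
"""


def parse_cureit_report(text):
    """Return one dict per report line; malformed lines raise ValueError."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")          # trailing ';' yields an empty last field
        if len(fields) < 4:
            raise ValueError(f"unexpected report line: {line!r}")
        obj, path, threat, action = fields[:4]
        archive, sep, member = obj.partition("\\")
        records.append({
            "object": obj,
            "archive": archive if sep else None,   # container, for nested hits
            "member": member if sep else None,
            "path": path,
            "threat": threat,
            "action": action.rstrip(".") or None,  # 'Deleted.' -> 'Deleted'
        })
    return records


def threat_family(threat):
    """'Trojan.Virtumod.based.21' -> 'Trojan.Virtumod'."""
    return ".".join(threat.split(".")[:2])


def in_quarantine(path):
    return any(m.lower() in path.lower() for m in QUARANTINE_MARKERS)


def triage(records):
    """Summarise actions and families, and list top-level hits outside quarantine."""
    actions = Counter(r["action"] or "(member of archive)" for r in records)
    top_level = [r for r in records if r["archive"] is None]
    families = Counter(threat_family(r["threat"]) for r in top_level
                       if not r["threat"].startswith("Archive contains"))
    archive_contents = {}
    for r in records:
        if r["archive"] is not None:
            archive_contents.setdefault(r["archive"], []).append(r["threat"])
    outside = [r for r in top_level if not in_quarantine(r["path"])]
    return {
        "actions": dict(actions),
        "families": dict(families),
        "archive_contents": archive_contents,
        "outside_quarantine": outside,
    }


if __name__ == "__main__":
    summary = triage(parse_cureit_report(SAMPLE_REPORT))
    print("actions:", summary["actions"])
    print("families:", summary["families"])
    print("archives:", summary["archive_contents"])
    for r in summary["outside_quarantine"]:
        print("needs a look:", r["path"] + "\\" + r["object"], r["threat"], r["action"])
```

Run against the full report posted above, the same split shows that nearly every entry lives under ESET's infected folder, ComboFix's QooBox quarantine or a System Restore point, which is the first thing to check before reading a long list of detections as a live infection; the handful of hits outside those folders are the ones worth examining.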


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Current status?

If there is still a problem, describe it precisely.

  • Joined: 06 Maj 2008
  • Posts: 90

Here's how it goes: I restart, the system boots, the icons appear on the desktop and respond to clicks. The taskbar, with Start, Quick Launch and the clock on it, doesn't work; nothing responds to a click. The monitors are missing. After 17 minutes everything becomes active, the clock jumps to the correct time, the monitors appear, everything works. I connect, the internet works normally as it did before these problems, and there's no more of that creaking sound from the virus.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Here's the thing: the problem is not caused by malware, so this is not the appropriate forum for solving it.

As for the problem itself, there can be many causes (and I have too little time to get into that story).

I recommend you try googling the term "taskbar freezes on startup" - that will give you some ideas on where to go next. You can also open a thread in the Windows forum and explain the problem.

That's all from me.
