HELP; help


  • Joined: 05 Jan 2008
  • Posts: 5

Logfile of HijackThis v1.99.1
Scan saved at 20:05:22, on 6.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe
C:\Documents and Settings\Jovica\Desktop\PERA\TR TR.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {940683D6-1A27-43BE-8C18-7B2A27FF4148} - C:\WINDOWS\system32\confms.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5C263E-C155-4DE7-9439-D750257C7603}: NameServer = 212.200.191.166 212.200.190.166
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\Program Files\Autodesk Civil 3D 2007\SHooTERS\FlexLM\Lmgrd.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear, which you should copy here for us.

  • Joined: 05 Jan 2008
  • Posts: 5

ComboFix 08-01-04.1 - Jovica 2008-01-07 12:34:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.193 [GMT 1:00]
Running from: C:\Documents and Settings\Jovica\Desktop\PERA\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 12:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:42 . 2007-12-30 19:42 <DIR> d-------- C:\Program Files\Samsung
2007-12-30 00:12 . 2008-01-05 10:04 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2007-12-30 00:12 . 2007-12-30 00:12 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\TuneUp Software
2007-12-28 21:46 . 2007-12-28 21:46 <DIR> d---s---- C:\Documents and Settings\Jovica\UserData
2007-12-28 18:35 . 2008-01-07 00:24 <DIR> d-------- C:\temp
2007-12-28 18:14 . 2007-12-28 18:40 <DIR> d-------- C:\Program Files\AutoCAD Civil 3D Land Desktop Companion 2008
2007-12-28 18:14 . 2008-01-05 14:00 <DIR> d-------- C:\Land Projects 2008
2007-12-26 20:05 . 2008-01-05 10:04 <DIR> d-------- C:\Program Files\Autodesk Civil 3D 2007
2007-12-26 00:17 . 2007-12-26 00:17 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-12-26 00:17 . 2007-12-26 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-25 18:56 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-25 18:56 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-25 18:56 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-25 18:56 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-25 18:56 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-25 18:56 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-25 18:56 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-25 18:56 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-25 18:56 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-24 18:10 . 2008-01-05 11:22 18,432 --a------ C:\WINDOWS\system32\secpol.exe
2007-12-24 15:04 . 2007-12-24 15:04 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-24 15:04 . 2007-12-24 15:04 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-24 15:04 . 2007-12-24 15:04 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-24 15:04 . 2007-12-24 15:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-24 15:04 . 2007-12-24 15:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-12-18 18:25 . 2007-12-18 18:25 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-17 20:42 . 2007-12-17 20:42 58,880 --a------ C:\WINDOWS\system32\fsmgmt.dll.tmp
2007-12-17 20:42 . 2008-01-05 11:22 58,880 --a------ C:\WINDOWS\system32\fsmgmt.dll
2007-12-16 23:55 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\CONTACT
2007-12-14 17:26 . 1997-01-29 17:58 462,848 -ra------ C:\WINDOWS\system32\nmw3vwn.dll
2007-12-14 17:26 . 1997-01-29 17:53 240,640 -ra------ C:\WINDOWS\system32\nmocod.dll
2007-12-14 17:26 . 1997-01-29 18:05 169,472 -ra------ C:\WINDOWS\system32\Html.ocx
2007-12-14 17:26 . 1997-03-04 13:44 66,560 -ra------ C:\WINDOWS\system32\nmorenu.dll
2007-12-14 17:26 . 1997-01-29 17:46 48,128 -ra------ C:\WINDOWS\system32\nmsckn.dll
2007-12-09 10:06 . 2008-01-07 12:27 <DIR> d-------- C:\Program Files\SiSoftware
2007-12-09 10:06 . 2004-11-21 14:51 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
2007-12-09 08:07 . 2007-12-09 08:18 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 08:07 . 2007-12-09 08:18 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-12-09 08:07 . 2007-12-09 08:18 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-12-09 08:06 . 2008-01-07 12:28 <DIR> d-------- C:\Program Files\WON
2007-12-09 08:06 . 2008-01-07 12:27 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-12-09 08:06 . 2007-12-09 08:06 <DIR> d-------- C:\Documents and Settings\Jovica\WINDOWS
2007-12-09 08:06 . 1998-10-21 18:43 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2007-12-09 08:06 . 2007-12-09 08:06 196 --a------ C:\WINDOWS\SIERRA.INI
2007-12-09 07:52 . 2008-01-06 12:00 10 --a------ C:\WINDOWS\popcinfo.dat
2007-12-09 07:38 . 2008-01-07 12:28 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-12-09 06:08 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\BeoINFO
2007-12-09 06:08 . 1999-10-26 23:00 929,844 --a------ C:\WINDOWS\system32\Mfc42d.dll
2007-12-09 06:08 . 1999-10-26 23:00 798,773 --a------ C:\WINDOWS\system32\Mfco42d.dll
2007-12-09 06:08 . 2000-03-06 23:00 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-12-09 06:08 . 1996-11-08 02:48 368,912 -ra------ C:\WINDOWS\system32\vbar332.dll
2007-12-09 06:08 . 1999-10-26 23:00 274,485 --a------ C:\WINDOWS\system32\Mfcd42d.dll
2007-12-09 06:08 . 2007-12-09 06:08 0 --a------ C:\WINDOWS\BeoINFO.INI
2007-12-09 05:23 . 2008-01-05 13:38 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-09 04:35 . 2007-12-09 04:35 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\ACD Systems
2007-12-09 00:48 . 2007-12-09 00:48 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\ABBYY
2007-12-09 00:47 . 2007-12-09 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2007-12-09 00:46 . 2008-01-07 12:22 <DIR> d-------- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2007-12-09 00:42 . 2008-01-07 12:21 <DIR> d-------- C:\FR70PRO
2007-12-09 00:41 . 2007-12-09 00:41 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\AdobeUM
2007-12-09 00:37 . 2007-12-09 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-08 23:58 . 2007-12-14 18:40 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\Ahead
2007-12-08 23:57 . 2008-01-07 12:26 <DIR> d-------- C:\Program Files\Nero
2007-12-08 23:57 . 2007-12-08 23:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-08 23:57 . 2007-12-08 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-08 23:48 . 2007-12-28 23:51 54,987 --a------ C:\WINDOWS\FontData.fdb
2007-12-08 23:37 . 2007-12-08 23:37 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-12-08 07:26 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\Corel
2007-12-08 07:15 . 2007-12-08 07:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-08 07:15 . 2007-12-26 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-12-08 07:14 . 2007-12-16 08:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-08 07:10 . 2002-12-31 13:00 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-08 07:10 . 2007-12-08 07:10 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-08 07:09 . 2008-01-07 12:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-08 07:09 . 2008-01-07 12:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-08 07:09 . 2007-12-08 07:09 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-12-08 07:08 . 2008-01-07 12:26 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-08 07:07 . 2007-12-08 07:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-08 07:05 . 2004-12-01 07:14 61,440 --a------ C:\WINDOWS\scrub2k.exe
2007-12-08 07:05 . 2004-12-01 07:14 83 --a------ C:\WINDOWS\hpw1280k.ini
2007-12-08 07:04 . 2007-12-08 07:05 571,689 --a------ C:\WINDOWS\hpdj1280.his
2007-12-08 07:04 . 2007-12-08 07:05 15,659 --a------ C:\WINDOWS\hpdj1280.ini
2007-12-08 07:00 . 2007-12-08 07:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HP
2007-12-08 07:00 . 2007-12-08 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-12-08 05:58 . 2007-12-08 05:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-12-08 05:57 . 2004-08-04 08:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-12-08 05:57 . 2004-08-04 10:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-12-07 23:51 . 2007-12-08 23:40 56 -r-hs---- C:\WINDOWS\system32\81F6B02349.sys
2007-12-07 23:50 . 2007-12-07 23:50 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\Corel
2007-12-07 23:50 . 2007-12-07 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-07 23:50 . 2008-01-05 18:29 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-07 23:45 . 2007-12-07 23:45 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\HP
2007-12-07 23:30 . 2008-01-07 12:22 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-07 23:25 . 2008-01-03 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 23:25 . 2007-12-07 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-07 23:16 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\Autodesk
2007-12-07 23:15 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2007-12-07 23:13 . 2008-01-05 10:04 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-07 23:13 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\AutoCAD 2005

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 11:27 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-01-07 11:26 --------- d-----w C:\Program Files\My Company Name
2008-01-07 11:25 --------- d-----w C:\Program Files\HP
2008-01-07 11:25 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 11:24 --------- d-----w C:\Program Files\AvRack
2008-01-07 11:24 --------- d-----w C:\Program Files\ATI Technologies
2007-12-30 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 05:59 --------- d-----w C:\Program Files\Common Files\HP
2007-12-08 05:58 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-08 05:03 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 22:50 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 06:05 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 11:41 49152]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [2004-12-01 23:08 102400]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-20 00:22 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-09 00:37:33]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-08 07:15:09]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-04-06 00:45:38]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 13:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-01-05 11:22 58880 C:\WINDOWS\system32\fsmgmt.dll

S2 Flexlm Service 1;Flexlm Service 1;C:\Program Files\Autodesk Civil 3D 2007\SHooTERS\FlexLM\Lmgrd.exe [2005-05-23 18:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcbaad3-a502-11dc-a685-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 23:12:33 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-07 12:35:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 12:35:45
ComboFix-quarantined-files.txt 2008-01-07 11:35:37
ComboFix2.txt 2008-01-07 11:32:15

Update: 06 Jan 2008 12:55

Logfile of HijackThis v1.99.1
Scan saved at 11:51:17, on 7.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe
C:\Documents and Settings\Jovica\Desktop\PERA\TR TR.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {940683D6-1A27-43BE-8C18-7B2A27FF4148} - C:\WINDOWS\system32\confms.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5C263E-C155-4DE7-9439-D750257C7603}: NameServer = 212.200.191.166 212.200.190.166
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\Program Files\Autodesk Civil 3D 2007\SHooTERS\FlexLM\Lmgrd.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\secpol.exe
C:\WINDOWS\system32\confms.dll
C:\WINDOWS\system32\drivers\spoclsv.exe
C:\WINDOWS\SYSTEM32\fsmgmt.dll
C:\WINDOWS\system32\fsmgmt.dll.tmp
C:\WINDOWS\system32\81F6B02349.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post in your next message the log that is produced at the end of the cleaning/scan.
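As an added example (not code from this thread, nor from the HijackThis or ComboFix authors), the Python below applies the same triage reasoning the helper used above to a handful of lines copied from the posted HijackThis log, and renders the result in the File:: / Registry:: layout of the CFScript. The heuristics it uses (anything appended to UserInit besides userinit.exe, a BHO reported as "(no name)", a Run entry launching an .exe out of system32\drivers, any Winlogon Notify DLL) are this example's own assumptions about what to flag, not rules stated on the page. It only reads HijackThis lines, so the fsmgmt.dll.tmp and 81F6B02349.sys entries in the helper's script, which came from the ComboFix log, are not produced here.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted
# earlier in this thread (clean Adobe/avast!/ctfmon entries mixed with the
# entries the helper later told the poster to remove).
HJT_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {940683D6-1A27-43BE-8C18-7B2A27FF4148} - C:\WINDOWS\system32\confms.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Registry parent of the Winlogon Notify subkeys that HijackThis reports as O20.
WINLOGON_NOTIFY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def triage(log_text):
    """Scan HijackThis lines and return (files, reg_keys): lists of (item, reason).

    The flagging rules below are this example's assumptions, not rules from the thread.
    """
    files = []
    reg_keys = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # F2: UserInit should be userinit.exe alone. Anything after the comma is a
        # second program started at every interactive logon.
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line)
        if m:
            for part in filter(None, m.group(1).split(",")):
                if not part.lower().endswith("\\userinit.exe"):
                    files.append((part, "extra executable appended to UserInit"))
            continue

        # O2: legitimate BHOs carry a class name; HijackThis prints "(no name)"
        # when the DLL registers none, which is typical of dropped components.
        m = re.match(r"O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$", line)
        if m:
            if m.group(1) == "(no name)":
                files.append((m.group(2), "unnamed BHO"))
            continue

        # O4: Run entries that start an .exe out of system32\drivers, a folder
        # meant for kernel drivers rather than autostart programs.
        m = re.match(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.*)$", line)
        if m:
            if "\\system32\\drivers\\" in m.group(2).lower():
                files.append((m.group(2), "Run entry launches from system32\\drivers"))
            continue

        # O20: a Winlogon Notify DLL is loaded into winlogon.exe, so both the DLL
        # and its registry subkey go into the script.
        m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)$", line)
        if m:
            files.append((m.group(2), "Winlogon Notify DLL"))
            reg_keys.append((WINLOGON_NOTIFY + "\\" + m.group(1), "Winlogon Notify subkey"))
    return files, reg_keys


def cfscript(files, reg_keys):
    """Render findings in the File:: / Registry:: layout ComboFix reads from CFScript.txt."""
    out = ["File::"] + [path for path, _ in files]
    if reg_keys:
        # "[-key]" is the REGEDIT4 syntax for deleting a key, as in the reply above.
        out += ["", "Registry::"] + ["[-" + key + "]" for key, _ in reg_keys]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found_files, found_keys = triage(HJT_LOG)
    for item, why in found_files + found_keys:
        print(f"{why:45} {item}")
    print()
    print(cfscript(found_files, found_keys))
```

Run against the sample it flags secpol.exe, confms.dll, spoclsv.exe and fsmgmt.dll plus the fsmgmt Notify subkey, and leaves the Adobe, avast! and ctfmon entries alone; the output is the same File:: / Registry:: text the helper hand-wrote, minus the two items taken from the ComboFix log.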

  • Joined: 05 Jan 2008
  • Posts: 5

ComboFix 08-01-04.1 - Jovica 2008-01-10 23:48:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.102 [GMT 1:00]
Running from: C:\Documents and Settings\Jovica\Desktop\PERA\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jovica\Desktop\PERA\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\81F6B02349.sys
C:\WINDOWS\system32\confms.dll
C:\WINDOWS\system32\drivers\spoclsv.exe
C:\WINDOWS\SYSTEM32\fsmgmt.dll
C:\WINDOWS\system32\fsmgmt.dll.tmp
C:\WINDOWS\system32\secpol.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 22:46 . 2008-01-08 22:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 12:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:42 . 2007-12-30 19:42 <DIR> d-------- C:\Program Files\Samsung
2007-12-30 00:12 . 2008-01-08 22:46 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2007-12-30 00:12 . 2007-12-30 00:12 <DIR> d-------- C:\Documents and Settings\Jovica\Application Data\TuneUp Software
2007-12-28 21:46 . 2007-12-28 21:46 <DIR> d---s---- C:\Documents and Settings\Jovica\UserData
2007-12-28 18:35 . 2008-01-07 00:24 <DIR> d-------- C:\temp
2007-12-28 18:14 . 2007-12-28 18:40 <DIR> d-------- C:\Program Files\AutoCAD Civil 3D Land Desktop Companion 2008
2007-12-28 18:14 . 2008-01-05 14:00 <DIR> d-------- C:\Land Projects 2008
2007-12-26 00:17 . 2007-12-26 00:17 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-12-26 00:17 . 2007-12-26 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-25 18:56 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-25 18:56 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-25 18:56 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-25 18:56 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-25 18:56 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-25 18:56 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-25 18:56 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-25 18:56 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-25 18:56 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-24 15:04 . 2007-12-24 15:04 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-24 15:04 . 2007-12-24 15:04 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-24 15:04 . 2007-12-24 15:04 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-24 15:04 . 2007-12-24 15:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-24 15:04 . 2007-12-24 15:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-12-18 18:25 . 2007-12-18 18:25 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 23:55 . 2008-01-07 12:24 <DIR> d-------- C:\Program Files\CONTACT
2007-12-14 17:26 . 1997-01-29 17:58 462,848 -ra------ C:\WINDOWS\system32\nmw3vwn.dll
2007-12-14 17:26 . 1997-01-29 17:53 240,640 -ra------ C:\WINDOWS\system32\nmocod.dll
2007-12-14 17:26 . 1997-01-29 18:05 169,472 -ra------ C:\WINDOWS\system32\Html.ocx
2007-12-14 17:26 . 1997-03-04 13:44 66,560 -ra------ C:\WINDOWS\system32\nmorenu.dll
2007-12-14 17:26 . 1997-01-29 17:46 48,128 -ra------ C:\WINDOWS\system32\nmsckn.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 14:12 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-07 11:28 --------- d-----w C:\Program Files\WON
2008-01-07 11:28 --------- d-----w C:\Program Files\Winamp
2008-01-07 11:28 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-01-07 11:27 --------- d-----w C:\Program Files\SiSoftware
2008-01-07 11:27 --------- d-----w C:\Program Files\Sierra On-Line
2008-01-07 11:27 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-01-07 11:27 --------- d-----w C:\Program Files\Planplus
2008-01-07 11:26 --------- d-----w C:\Program Files\Nero
2008-01-07 11:26 --------- d-----w C:\Program Files\My Company Name
2008-01-07 11:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-07 11:26 --------- d-----w C:\Program Files\Microsoft Works
2008-01-07 11:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-07 11:25 --------- d-----w C:\Program Files\HP
2008-01-07 11:25 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 11:25 --------- d-----w C:\Program Files\Golden Software
2008-01-07 11:24 --------- d-----w C:\Program Files\Corel
2008-01-07 11:24 --------- d-----w C:\Program Files\BeoINFO
2008-01-07 11:24 --------- d-----w C:\Program Files\AvRack
2008-01-07 11:24 --------- d-----w C:\Program Files\Autodesk
2008-01-07 11:24 --------- d-----w C:\Program Files\AutoCAD 2005
2008-01-07 11:24 --------- d-----w C:\Program Files\ATI Technologies
2008-01-07 11:24 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-01-07 11:22 --------- d-----w C:\Program Files\ACD Systems
2008-01-07 11:22 --------- d-----w C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2008-01-05 17:29 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-03 11:54 --------- d-----w C:\Documents and Settings\Jovica\Application Data\Autodesk
2008-01-03 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-30 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2007-12-16 07:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 17:40 --------- d-----w C:\Documents and Settings\Jovica\Application Data\Ahead
2007-12-09 07:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-09 07:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-09 07:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-09 03:35 --------- d-----w C:\Documents and Settings\Jovica\Application Data\ACD Systems
2007-12-08 23:48 --------- d-----w C:\Documents and Settings\Jovica\Application Data\ABBYY
2007-12-08 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2007-12-08 23:41 --------- d-----w C:\Documents and Settings\Jovica\Application Data\AdobeUM
2007-12-08 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-08 22:58 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-08 22:37 --------- d-----w C:\Program Files\Common Files\Corel
2007-12-08 06:15 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-08 06:09 --------- d-----w C:\Program Files\Common Files\L&H
2007-12-08 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\HP
2007-12-08 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-08 05:59 --------- d-----w C:\Program Files\Common Files\HP
2007-12-08 05:58 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-08 05:03 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 22:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 22:50 --------- d-----w C:\Documents and Settings\Jovica\Application Data\Corel
2007-12-07 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-07 22:45 --------- d-----w C:\Documents and Settings\Jovica\Application Data\HP
2007-12-07 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_12.31.33.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-07 11:30:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-10 12:10:39 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-07 11:30:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-10 12:10:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-07 11:30:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-10 12:10:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-10 21:23:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 06:05 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 11:41 49152]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [2004-12-01 23:08 102400]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50 33792]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-20 00:22 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-09 00:37:33]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-08 07:15:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 13:21:22]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcbaad3-a502-11dc-a685-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 21:46:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-10 23:49:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 23:50:56
ComboFix-quarantined-files.txt 2008-01-10 22:50:47
ComboFix2.txt 2008-01-10 21:24:58
ComboFix3.txt 2008-01-07 11:35:45
ComboFix4.txt 2008-01-07 11:32:15

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

No need to open a new topic...

These logs look a bit odd to me. As if parts are missing, and as if you ran ComboFix several times, which of course was not necessary/desirable.


Post a fresh HT log.

offline
  • Joined: 05 Jan 2008
  • Posts: 5

I don't know how to make an NT log

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

HijackThis log... The same thing you did when you opened the topic.

offline
  • Joined: 05 Jan 2008
  • Posts: 5

Logfile of HijackThis v1.99.1
Scan saved at 10:44, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jovica\Desktop\PERA\TR TR.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5C263E-C155-4DE7-9439-D750257C7603}: NameServer = 212.200.191.166 212.200.190.166
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

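As an added illustration of how an analyst reads a log like the one above (example code, not part of this thread and not part of HijackThis or ComboFix), the checker below looks at three line types that matter in this thread: the F2 UserInit value (ComboFix removed an extra secpol.exe from it earlier), O17 NameServer entries compared against an assumed list of expected resolvers, and O23 services reported as "(file missing)". The sample log lines and the resolver allowlist are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample (not the thread's own log).  The F2 line shows the shape
# of the infected UserInit value ComboFix cleaned up earlier in this thread
# (secpol.exe appended after the legitimate userinit.exe); the rest are
# ordinary entries of the kinds seen in the posted HijackThis log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5C263E-C155-4DE7-9439-D750257C7603}: NameServer = 212.200.191.166 212.200.190.166
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Assumed allowlist: the resolvers the user's ISP is expected to hand out
# (taken from the O17 line in the posted log).
KNOWN_RESOLVERS = {"212.200.191.166", "212.200.190.166"}

LINE_RE = re.compile(r"^(?P<kind>[FORN]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

Finding = Tuple[str, str, str]  # (severity, line kind, message)


def userinit_extras(body: str) -> List[str]:
    """Return every UserInit entry beyond the single legitimate userinit.exe.

    Windows launches each comma-separated value at logon, so anything added
    here runs in every user session: a persistence point worth flagging.
    """
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return [e for e in entries if not e.lower().endswith(r"\system32\userinit.exe")]


def unknown_nameservers(body: str, known=KNOWN_RESOLVERS) -> List[str]:
    """Resolvers in an O17 NameServer entry that are not on the expected list."""
    return [ip for ip in IPV4_RE.findall(body) if ip not in known]


def check_line(line: str, known=KNOWN_RESOLVERS) -> List[Finding]:
    """Classify one HijackThis line; returns an empty list for lines of no interest."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    findings: List[Finding] = []
    if kind == "F2" and "UserInit=" in body:
        for extra in userinit_extras(body):
            findings.append(("high", kind, f"extra UserInit entry: {extra}"))
    elif kind == "O17":
        for ip in unknown_nameservers(body, known):
            findings.append(("medium", kind, f"unexpected DNS server: {ip}"))
    elif kind == "O23" and "(file missing)" in body:
        # A stray '"' before the service arguments (as in the posted log) means
        # the quoted image path was split at the quote before the existence
        # check, so the binary is usually present: report for review, not alarm.
        sev = "info" if '"' in body else "medium"
        findings.append((sev, kind, f"service image reported missing: {body}"))
    return findings


def scan_log(text: str, known=KNOWN_RESOLVERS) -> List[Finding]:
    """Run check_line over a whole log and collect the findings in order."""
    out: List[Finding] = []
    for line in text.splitlines():
        out.extend(check_line(line, known))
    return out


if __name__ == "__main__":
    for sev, kind, msg in scan_log(SAMPLE_LOG):
        print(f"[{sev}] {kind}: {msg}")
```

Run against the constructed sample it reports the extra UserInit entry as high and the quoted avast! service path as informational only; the O17 line produces nothing because both resolvers are on the allowlist, and the clean O23 line is ignored. Swap in a real log's text and your own resolver list to use it on a fresh HT log.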
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK... The logs are clean.


Delete the folder C:\qoobox


Then...

Turning off System Restore

On the Desktop, right-click My Computer.
Choose Properties.
Choose the System Restore tab.
Tick Turn off System Restore.
Click the Apply button.
Click the OK button.


Restart the computer.


Turning on System Restore

On the Desktop, right-click My Computer.
Choose Properties.
Choose the System Restore tab.
Untick Turn off System Restore.
Click the Apply button.
Click the OK button.


-------------------------------------------------------------------------------------


That's all...

Korisnici trenutno na forumu: anta, bankulen, bojank, CikaKURE, cincarin, comi_pfc, darkangel, Dimitrije Paunovic, Dimitrise93, Djokislav, DonRumataEstorski, Dovla, dozorni, draganv97, galerija, hyla, Ilija Cvorovic, Ivica1102, jackreacher011011, Još malo pa deda, Kaplar2, Kubovac, ladro, lord sir giga, Lošmi, MB120mm, mercedesamg, Mercury, Metanoja, mikrimaus, milenko crazy north, Milometer, milutin134, MiroslavD, mocnijogurt, nebojsag, nikoladim, NikolaGTR, pacika, Petarvu, proka89, rajkoplje, rodoljub, ruma, Sir Budimir, SR-3m, Srle993, stegonosa, TheBeastOfMG, tubular, zbazin, ZetaMan, zlaya011, 79693