MyCity » Ambulanta -> Arhiva Ambulante » Problem

Problem

Napisano na dan: 24.9.2008

Problem

Sledeća strana

Pagination

Odgovori

stanoye Poslao: 24 Sep 2008 18:16 Idi na vrh
offline stanoye Građanin Pridružio: 24 Sep 2008 Poruke: 33 Gde živiš: BG	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pojavio mi se problem, kada se podigne sistem windows explorer se pali i gasi znaci desktop i start menu se pojave a zatim se ponovo ucitavanju i tako za redom sve dok se posle nekog vremena explorer zablokira tj. ugasi a ja za to vreme uspem da udjem u total commander i na taj nacin upravljam sistemom. Avast mi je nakon toga detektovao virtumonde i adware-gen i prebacio ih u svoj virus chest. Kako da resim problem? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:51:37, on 24.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\System32\VTTimer.exe C:\WINDOWS\System32\VTtrayp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\Program Files\tr3\tr3\tr3.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {A5671B8D-7EE8-4EA3-A4B7-A168B7D179F1} - C:\WINDOWS\System32\hgGwTkKA.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [Link mogu videti samo ulogovani korisnici] O17 - HKLM\System\CCS\Services\Tcpip\..\{58DE490C-5F02-4C49-B0EB-FACA7EF80089}: NameServer = 217.26.64.130 217.26.64.131 O20 - Winlogon Notify: wvUlmkjk - wvUlmkjk.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 4948 bytes

Profil

dr_Bora Poslao: 24 Sep 2008 18:38 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Program settings.... U prozoru koji se otvori, pod Troubleshooting, čekiraj opciju Disable avast! self-defence i klikni OK. Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

stanoye Poslao: 24 Sep 2008 19:17 Idi na vrh
offline stanoye Građanin Pridružio: 24 Sep 2008 Poruke: 33 Gde živiš: BG	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-09-22.06 - Ivan 2008-09-24 19:03:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.692 [GMT 2:00] Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))) . 2008-09-24 18:30 . 2008-09-24 18:30 <DIR> d-------- C:\VundoFix Backups 2008-09-24 12:51 . 2008-09-24 17:51 <DIR> d-------- C:\Program Files\tr3 2008-09-24 03:08 . 2008-09-24 19:05 61,703 --ahs---- C:\WINDOWS\system32\AKkTwGgh.ini2 2008-09-24 03:08 . 2008-09-24 19:05 61,703 --ahs---- C:\WINDOWS\system32\AKkTwGgh.ini 2008-09-24 03:07 . 2008-09-24 03:08 254,976 --a------ C:\WINDOWS\system32\hgGwTkKA.dll 2008-09-24 02:25 . 2008-09-24 02:25 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters 2008-09-24 02:25 . 2008-09-24 02:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters 2008-09-24 01:12 . 2008-09-24 01:12 724,992 --a------ C:\WINDOWS\iun6002.exe 2008-09-21 00:39 . 2008-09-21 00:39 15,872 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-09-18 19:37 . 2008-09-18 19:37 <DIR> d-------- C:\Program Files\WinCustomize 2008-09-18 19:37 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll 2008-09-18 19:37 . 2008-09-24 19:08 24 --a------ C:\WINDOWS\LogonStudio.ini 2008-09-18 18:40 . 2008-09-18 18:40 <DIR> d-------- C:\Program Files\Stardock 2008-09-18 18:40 . 2008-09-18 18:40 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-09-18 18:40 . 2008-09-18 19:18 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys 2008-09-13 21:17 . 2008-09-13 21:17 <DIR> d-------- C:\Program Files\XP Codec Pack 2008-09-13 21:17 . 2008-07-09 10:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-09-13 18:59 . 2008-09-13 18:59 <DIR> d--h----- C:\WINDOWS\PIF 2008-09-07 18:03 . 2008-09-07 18:03 <DIR> d-------- C:\Program Files\Simple Net Speed 2008-09-07 18:03 . 2008-09-07 18:03 <DIR> d-------- C:\Program Files\CCleaner 2008-09-03 12:28 . 2008-09-24 03:07 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\BitTorrent 2008-09-03 12:27 . 2008-09-20 15:36 <DIR> d-------- C:\Program Files\DNA 2008-09-03 12:27 . 2008-09-03 12:27 <DIR> d-------- C:\Program Files\BitTorrent 2008-09-03 12:27 . 2008-09-24 19:05 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\DNA 2008-09-03 02:08 . 2008-09-03 02:08 <DIR> d-------- C:\Program Files\ParetoLogic 2008-09-03 02:08 . 2008-09-03 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware 2008-08-31 15:33 . 2008-08-31 15:33 <DIR> d-------- C:\Program Files\MyPhoneExplorer 2008-08-31 13:57 . 2008-08-31 16:01 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\MyPhoneExplorer 2008-08-26 21:11 . 2008-08-26 21:11 987,136 --a------ C:\WINDOWS\system32\VSFilter.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-23 23:19 --------- d-----w C:\Program Files\SpeedFan 2008-09-20 19:46 66,976 ----a-w C:\Documents and Settings\Ivan\Application Data\GDIPFONTCACHEV1.DAT 2008-09-16 19:17 --------- d-----w C:\Program Files\MP4Tool 2008-09-03 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-03 14:15 --------- d-----w C:\Program Files\Winamp 2008-09-03 13:21 --------- d-----w C:\Program Files\DAP . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E49334A-BFDB-457B-9829-84B5564BC196}] 2008-09-24 03:08 254976 --a------ C:\WINDOWS\System32\hgGwTkKA.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-20 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe] "VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-11-01 C:\WINDOWS\system32\VTTrayp.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "vidc.xvid"= xvid.dll "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-02-23 9728] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\System32\DRIVERS\xfilt.sys [2006-02-23 11264] R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416] R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\System32\drivers\wf2kvcap.sys [2004-07-22 75925] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\System32\drivers\wf2ktunr.sys [2004-07-22 36583] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\System32\drivers\wf2kxbar.sys [2004-07-22 10005] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680] S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 9510] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - Notify-WgaLogon - (no file) Notify-wvUlmkjk - wvUlmkjk.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\pt9rdxqs.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-09-24 19:07:35 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe . ************************************************************************ . Completion time: 2008-09-24 19:11:24 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-24 17:11:18 Pre-Run: 11.105.902.592 bytes free Post-Run: 11,124,813,824 bytes free 132

Profil

dr_Bora Poslao: 24 Sep 2008 19:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\AKkTwGgh.ini2 C:\WINDOWS\system32\AKkTwGgh.ini C:\WINDOWS\system32\hgGwTkKA.dll Folder:: C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E49334A-BFDB-457B-9829-84B5564BC196}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

stanoye Poslao: 24 Sep 2008 19:53 Idi na vrh
offline stanoye Građanin Pridružio: 24 Sep 2008 Poruke: 33 Gde živiš: BG	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-09-22.06 - Ivan 2008-09-24 19:44:33.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.664 [GMT 2:00] Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Ivan\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\AKkTwGgh.ini C:\WINDOWS\system32\AKkTwGgh.ini2 C:\WINDOWS\system32\hgGwTkKA.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\VundoFix Backups C:\WINDOWS\system32\AKkTwGgh.ini C:\WINDOWS\system32\AKkTwGgh.ini2 C:\WINDOWS\system32\hgGwTkKA.dll . ((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))) . 2008-09-24 12:51 . 2008-09-24 17:51 <DIR> d-------- C:\Program Files\tr3 2008-09-24 02:25 . 2008-09-24 02:25 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters 2008-09-24 02:25 . 2008-09-24 02:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters 2008-09-24 01:12 . 2008-09-24 01:12 724,992 --a------ C:\WINDOWS\iun6002.exe 2008-09-21 00:39 . 2008-09-21 00:39 15,872 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-09-18 19:37 . 2008-09-18 19:37 <DIR> d-------- C:\Program Files\WinCustomize 2008-09-18 19:37 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll 2008-09-18 19:37 . 2008-09-24 19:08 24 --a------ C:\WINDOWS\LogonStudio.ini 2008-09-18 18:40 . 2008-09-18 18:40 <DIR> d-------- C:\Program Files\Stardock 2008-09-18 18:40 . 2008-09-18 18:40 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-09-18 18:40 . 2008-09-18 19:18 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys 2008-09-13 21:17 . 2008-09-13 21:17 <DIR> d-------- C:\Program Files\XP Codec Pack 2008-09-13 21:17 . 2008-07-09 10:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-09-13 18:59 . 2008-09-13 18:59 <DIR> d--h----- C:\WINDOWS\PIF 2008-09-07 18:03 . 2008-09-07 18:03 <DIR> d-------- C:\Program Files\Simple Net Speed 2008-09-07 18:03 . 2008-09-07 18:03 <DIR> d-------- C:\Program Files\CCleaner 2008-09-03 12:28 . 2008-09-24 03:07 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\BitTorrent 2008-09-03 12:27 . 2008-09-20 15:36 <DIR> d-------- C:\Program Files\DNA 2008-09-03 12:27 . 2008-09-03 12:27 <DIR> d-------- C:\Program Files\BitTorrent 2008-09-03 12:27 . 2008-09-24 19:38 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\DNA 2008-09-03 02:08 . 2008-09-03 02:08 <DIR> d-------- C:\Program Files\ParetoLogic 2008-09-03 02:08 . 2008-09-03 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware 2008-08-31 15:33 . 2008-08-31 15:33 <DIR> d-------- C:\Program Files\MyPhoneExplorer 2008-08-31 13:57 . 2008-08-31 16:01 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\MyPhoneExplorer 2008-08-26 21:11 . 2008-08-26 21:11 987,136 --a------ C:\WINDOWS\system32\VSFilter.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-23 23:19 --------- d-----w C:\Program Files\SpeedFan 2008-09-20 19:46 66,976 ----a-w C:\Documents and Settings\Ivan\Application Data\GDIPFONTCACHEV1.DAT 2008-09-20 15:03 2,757,120 ----a-w C:\WINDOWS\system32\logonuiX.exe 2008-09-16 19:17 --------- d-----w C:\Program Files\MP4Tool 2008-09-03 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-03 15:05 2,864 ----a-w C:\WINDOWS\system32\winsock.dll 2008-09-03 14:15 --------- d-----w C:\Program Files\Winamp 2008-09-03 13:21 --------- d-----w C:\Program Files\DAP 2008-07-29 14:05 1,296,896 ----a-w C:\WINDOWS\system32\SPort.dll 2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll 2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll 2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13312] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-20 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe] "VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-11-01 C:\WINDOWS\system32\VTTrayp.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "vidc.xvid"= xvid.dll "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-02-23 9728] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\System32\DRIVERS\xfilt.sys [2006-02-23 11264] R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416] R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\System32\drivers\wf2kvcap.sys [2004-07-22 75925] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\System32\drivers\wf2ktunr.sys [2004-07-22 36583] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\System32\drivers\wf2kxbar.sys [2004-07-22 10005] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680] S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 9510] Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-09-24 19:45:38 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-09-24 19:47:20 ComboFix-quarantined-files.txt 2008-09-24 17:47:09 ComboFix2.txt 2008-09-24 17:11:25 Pre-Run: 11.092.787.200 bytes free Post-Run: 11,080,515,584 bytes free 124

Profil

dr_Bora Poslao: 24 Sep 2008 20:21 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo izgleda ok. Kakvo je sada stanje?

Profil

stanoye Poslao: 24 Sep 2008 20:31 Idi na vrh
offline stanoye Građanin Pridružio: 24 Sep 2008 Poruke: 33 Gde živiš: BG	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlicno, problem je resen. HVALA

Profil

dr_Bora Poslao: 24 Sep 2008 20:41 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim... Uradi sledeće: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve.

Profil

stanoye Poslao: 25 Sep 2008 11:07 Idi na vrh
offline stanoye Građanin Pridružio: 24 Sep 2008 Poruke: 33 Gde živiš: BG	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokusao sam ali mi kaze: windows cannot find combofix. make sure you typed the name correctly and then try again. Dopuna: 25 Sep 2008 11:07 Ipak sam uspeo da deinstaliram tako sto sam upisao: "C:\Documents and Settings\Ivan\Desktop\ComboFix.exe" /u Hvala jos jednom.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem

Ko je trenutno na forumu

Ukupno su 2273 korisnika na forumu :: 95 registrovanih, 13 sakrivenih i 2165 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 4thFlavian, airliners, ALEKSICMILE, Ben Roj, Betty25, Boris BM, boromir, bozo13, Bubimir, CCCP, Centauro, Cicumile, Cirkon, CLIPPER, crazydkure, darkojbn, DavidA, debeli, DeerHunter, dekiz, Dixtrix, Django777, Djokislav, Doca, Dolinc, Draganeli, dragoljub11987, due, EXIT78, Feller, geo.dule, goxin, GveX, havoc995, HrcAk47, iceburn, ikan, IQ116, Jager715510, Josef, Jovan.D, Kenanjoz, kib, kovacicbozo, kovinacc, Kubovac, laurusri, lcc, Leonov, ljuba, mariwoj63, Marko1238, Masan, mercedesamg, milenko crazy north, Milometer, MiroslavD, Mis uz pusku, Moldovan, Mrav Obrad, Naj-Turs, nemkea71, nenorodjo, nick79, niki-mini_maki, NiKoLa27, orfanel, Panter, Pekman, Pilence, Polifon, proka89, R_038, raptorsi, renvoi, Resad76, rr559, ruma, sarma, sekretar, Sevetar, Shajlok, Smiljkovich, Solunac na steroidima, spalev, srđan, stegonosa, strelac07, Trpe Grozni, ujke, Valter071, vidra boy, vidra1, vukdra, ziggga

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by