Problem at startup

  • Joined: 26 Feb 2004
  • Posts: 2510

When I boot the computer into the OS, Windows Explorer opens immediately...
I tried to stop this process from starting at boot and I can't remove it. Avast reports it as a virus but can't delete it.
Actually there are two processes I can't kill. These are their paths:
1. C:\Documents and Settings\All Users\StartMenu\Programs\Startup\Empty.pif
2. C:\Documents and Settings\Danilo Korac\StartMenu\Programs\Startup\windows.pif
I tried to upload them but it doesn't work....



  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8652
  • Location: Novi Beograd

A moderator, and he doesn't follow the instructions....

[Link visible only to logged-in users]



  • Joined: 26 Feb 2004
  • Posts: 2510

Everything is acting up on me, I can't even rename it... Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 4:49:54 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Danilo Korac\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: windows.pif = ?
O4 - Global Startup: Com.lnk = ?
O4 - Global Startup: Empty.pif = ?
O8 - Extra context menu item: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



Run HT, scan, and check the following lines:

O4 - Startup: windows.pif = ?
O4 - Global Startup: Com.lnk = ?
O4 - Global Startup: Empty.pif = ?

and then click Fix Checked.


-------------------------------------------------------------------------------------


Enable the display of hidden files: [Link visible only to logged-in users]


Restart the PC in Safe Mode: [Link visible only to logged-in users]


-------------------------------------------------------------------------------------


Find and delete the following files (be careful not to run them by mistake - they may have a folder icon):

C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe


-------------------------------------------------------------------------------------


Restart the PC in normal mode, post a new HT log, and tell us what the state is now...
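As an added example (not from this thread and not part of HijackThis or ComboFix), the Python script below applies the reasoning behind the advice above to a HijackThis log: it flags running processes that carry the name of a core Windows binary but run from outside C:\WINDOWS (like the lsass.exe and explorer.exe copies under the user's profile), and startup-folder O4 entries whose target HijackThis could not resolve ("= ?") or that are .pif files. The log it parses is a constructed sample modelled on the one posted earlier, not the original.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries that, on XP, live only under %SystemRoot% (C:\WINDOWS).
# A same-named file elsewhere (e.g. the user's Application Data) is a classic
# masquerade; the real ones are in the process list too, so duplicates stand out.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
}

# HijackThis O4 lines look like "O4 - <where>: <rest>", for example
#   O4 - HKLM\..\Run: [name] command
#   O4 - Startup: windows.pif = ?
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.+)$")
STARTUP_FOLDERS = {"Startup", "Global Startup"}

# Constructed sample, modelled on the log in this thread (not the actual log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\user\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\user\Application Data\explorer.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: windows.pif = ?
O4 - Global Startup: Com.lnk = ?
O4 - Global Startup: Empty.pif = ?
"""


def parse_hijackthis(text):
    """Split a HijackThis log into its process list and its O4 entries."""
    processes, o4_entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process block
            continue
        m = O4_RE.match(line)
        if m:
            o4_entries.append((m.group("where"), m.group("rest")))
    return processes, o4_entries


def under_system_root(path):
    """True if the path is anywhere below C:\\WINDOWS (case-insensitive)."""
    parts = [part.lower() for part in path.parts]
    return len(parts) >= 2 and parts[0] == "c:\\" and parts[1] == "windows"


def masquerading_processes(processes):
    """Processes named like a core system binary but running outside C:\\WINDOWS."""
    hits = []
    for raw_path in processes:
        path = PureWindowsPath(raw_path)
        if path.name.lower() in SYSTEM_BINARIES and not under_system_root(path):
            hits.append(raw_path)
    return hits


def suspicious_startup_entries(o4_entries):
    """Startup-folder items with an unresolved target ('= ?') or a .pif extension."""
    hits = []
    for where, rest in o4_entries:
        if where not in STARTUP_FOLDERS:
            continue
        name, _, target = rest.partition(" = ")
        reasons = []
        if target.strip() == "?":
            reasons.append("unresolved target")
        if PureWindowsPath(name).suffix.lower() == ".pif":
            reasons.append("PIF executable in startup folder")
        if reasons:
            hits.append((where, name, reasons))
    return hits


def analyse(text):
    """Run both checks over a HijackThis log and return the findings."""
    processes, o4_entries = parse_hijackthis(text)
    return {
        "masquerading_processes": masquerading_processes(processes),
        "suspicious_startup": suspicious_startup_entries(o4_entries),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for path in report["masquerading_processes"]:
        print("system binary name outside C:\\WINDOWS:", path)
    for where, name, reasons in report["suspicious_startup"]:
        print(f"O4 - {where}: {name} -> {', '.join(reasons)}")
```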

  • Joined: 26 Feb 2004
  • Posts: 2510

Windows Explorer still starts at boot, and here's the new log


Logfile of HijackThis v1.99.1
Scan saved at 5:56:45 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Danilo Korac\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O8 - Extra context menu item: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - [Link mogu videti samo ulogovani korisnici]\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF085EB-8EDE-43D0-8F78-DDB8176DE9F2}: NameServer = 82.117.210.77 89.216.54.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here.

  • Joined: 26 Feb 2004
  • Posts: 2510

ComboFix 08-03-10.1 - Danilo Korac 2008-03-13 18:09:03.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT 1:00]
Running from: C:\Documents and Settings\Danilo Korac\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-13 18:05 . 2008-03-13 18:05 <DIR> d-------- C:\ComboFix(1)
2008-03-13 17:55 . 2007-01-28 16:38 70,656 --a------ C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
2008-03-13 13:15 . 2008-03-13 13:15 <DIR> d--hs---- C:\FOUND.007
2008-03-13 07:30 . 2008-03-13 07:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\XSign
2008-03-13 07:29 . 2008-03-13 07:29 <DIR> d-------- C:\Program Files\XSign
2008-03-12 06:15 . 2008-03-12 06:15 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-03-11 15:38 . 2008-03-11 15:38 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\ICQ
2008-03-11 15:37 . 2008-03-11 15:37 <DIR> d-------- C:\Program Files\ICQ6
2008-03-11 15:37 . 2008-03-11 15:37 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\InstallShield
2008-03-11 13:32 . 2008-03-11 13:32 <DIR> d--hs---- C:\FOUND.006
2008-03-10 20:12 . 2008-03-10 20:12 <DIR> dr-h----- C:\Documents and Settings\Danilo Korac\Application Data\SecuROM
2008-03-10 18:52 . 2008-03-10 18:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-10 18:52 . 2008-03-10 18:52 <DIR> d--h----- C:\Documents and Settings\Danilo Korac\InstallAnywhere
2008-03-10 18:42 . 2008-03-10 18:42 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-10 18:37 . 2008-03-10 18:37 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-09 23:26 . 2008-03-09 23:27 <DIR> d-------- C:\Program Files\HD Tune
2008-03-08 11:07 . 2008-03-08 11:07 268 --ah----- C:\sqmdata10.sqm
2008-03-08 11:07 . 2008-03-08 11:07 244 --ah----- C:\sqmnoopt10.sqm
2008-03-08 10:58 . 2008-03-08 10:58 <DIR> d--hs---- C:\FOUND.005
2008-03-07 23:34 . 2008-03-07 23:34 268 --ah----- C:\sqmdata09.sqm
2008-03-07 23:34 . 2008-03-07 23:34 244 --ah----- C:\sqmnoopt09.sqm
2008-03-07 23:19 . 2008-03-07 23:19 <DIR> d--hs---- C:\FOUND.004
2008-03-06 21:34 . 2008-03-06 21:34 268 --ah----- C:\sqmdata08.sqm
2008-03-06 21:34 . 2008-03-06 21:34 244 --ah----- C:\sqmnoopt08.sqm
2008-03-06 11:00 . 2008-03-06 11:00 268 --ah----- C:\sqmdata07.sqm
2008-03-06 11:00 . 2008-03-06 11:00 244 --ah----- C:\sqmnoopt07.sqm
2008-03-06 10:37 . 2008-03-06 10:37 268 --ah----- C:\sqmdata06.sqm
2008-03-06 10:37 . 2008-03-06 10:37 244 --ah----- C:\sqmnoopt06.sqm
2008-03-06 00:48 . 2008-03-06 00:48 268 --ah----- C:\sqmdata05.sqm
2008-03-06 00:48 . 2008-03-06 00:48 244 --ah----- C:\sqmnoopt05.sqm
2008-03-05 14:36 . 2008-03-05 14:36 268 --ah----- C:\sqmdata04.sqm
2008-03-05 14:36 . 2008-03-05 14:36 244 --ah----- C:\sqmnoopt04.sqm
2008-03-05 14:18 . 2008-03-05 14:18 <DIR> d--hs---- C:\FOUND.003
2008-03-05 01:29 . 2008-03-05 01:29 268 --ah----- C:\sqmdata03.sqm
2008-03-05 01:29 . 2008-03-05 01:29 244 --ah----- C:\sqmnoopt03.sqm
2008-03-04 21:04 . 2008-03-04 21:04 <DIR> d--hs---- C:\FOUND.002
2008-03-04 19:33 . 2008-03-04 19:33 268 --ah----- C:\sqmdata02.sqm
2008-03-04 19:33 . 2008-03-04 19:33 244 --ah----- C:\sqmnoopt02.sqm
2008-03-02 07:44 . 2008-03-02 07:44 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-02 07:43 . 2008-03-02 07:43 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\SystemRequirementsLab
2008-03-01 03:02 . 2008-03-01 03:02 <DIR> d-------- C:\Program Files\DC++
2008-02-24 20:22 . 2008-02-24 20:22 252 --a------ C:\WINDOWS\game.ini
2008-02-24 20:15 . 2008-02-24 20:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-23 12:22 . 2008-02-23 12:22 <DIR> d-------- C:\Program Files\bux
2008-02-20 17:16 . 2008-02-20 17:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-02-19 12:41 . 2008-02-19 12:42 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-19 12:41 . 2008-02-19 12:42 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\MegauploadToolbar
2008-02-18 01:24 . 2008-02-18 01:24 268 --ah----- C:\sqmdata01.sqm
2008-02-18 01:24 . 2008-02-18 01:24 244 --ah----- C:\sqmnoopt01.sqm
2008-02-18 00:54 . 2008-02-18 00:54 <DIR> d-------- C:\Documents and Settings\Danilo Korac\.thumbnails
2008-02-18 00:53 . 2008-02-18 00:53 <DIR> d-------- C:\Documents and Settings\Danilo Korac\.gimp-2.2
2008-02-18 00:52 . 2008-02-18 00:52 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-02-18 00:51 . 2008-02-18 00:51 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-02-17 11:51 . 2008-02-17 11:51 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Contacts
2008-02-17 10:47 . 2008-02-17 10:47 268 --ah----- C:\sqmdata00.sqm
2008-02-17 10:47 . 2008-02-17 10:47 244 --ah----- C:\sqmnoopt00.sqm
2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Program Files\Windows Live
2008-02-15 10:59 . 2008-02-15 10:59 <DIR> d--hs---- C:\FOUND.001
2008-02-14 15:36 . 2008-02-14 15:36 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 00:07 . 2008-02-14 00:08 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-14 00:07 . 2008-02-14 00:08 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-02-13 22:11 . 2008-02-13 22:11 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 05:54 684,549 ----a-w C:\WINDOWS\system32\unins000.exe
2008-02-11 05:53 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Media Player Classic
2008-02-11 05:53 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\DivX
2008-02-10 02:19 --------- d-----w C:\Program Files\Screamer Radio
2008-02-10 00:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-09 22:09 --------- d-----w C:\Program Files\Java
2008-02-09 22:09 --------- d-----w C:\Program Files\Common Files\Java
2008-02-08 10:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-07 21:12 --------- d-----w C:\Program Files\Alwil Software
2008-02-07 21:11 --------- d-----w C:\Program Files\ASUS
2008-02-07 21:07 --------- d-----w C:\Program Files\Analog Devices
2008-02-07 20:14 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Sports Interactive
2008-02-07 20:12 --------- d-----w C:\Program Files\AIMP2
2008-02-07 20:10 --------- d-----w C:\Program Files\XP Codec Pack
2008-02-07 20:09 --------- d-----w C:\Program Files\DivX
2008-02-07 20:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2008-02-07 13:00 --------- d-----w C:\Program Files\Free Download Manager
2008-02-07 13:00 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Free Download Manager
2008-02-07 13:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
2008-02-07 09:07 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-07 09:07 --------- d-----w C:\Program Files\TP-LINK
2008-02-07 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 08:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-07 08:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-22 18:07 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.

------- Sigcheck -------

2006-12-18 19:33 1040384 4cf21cb1dfbc7d3ccd6c9e4b195ba3ab C:\WINDOWS\explorer.exe
2006-12-18 19:33 1033216 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 22528]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 16:12 372736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1634304 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 15:50 106496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Documents and Settings\Danilo Korac\Start Menu\Programs\Startup\
windows.pif [2007-01-28 16:38:18 70656]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Empty.pif [2007-01-28 16:38:18 70656]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Empty.pif]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif
backup=C:\WINDOWS\pss\Empty.pifCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Danilo Korac^Start Menu^Programs^Startup^windows.pif]
path=C:\Documents and Settings\Danilo Korac\Start Menu\Programs\Startup\windows.pif
backup=C:\WINDOWS\pss\windows.pifStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:35 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\system32\drivers\ASUSHWIO.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-13 18:10:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 18:10:30
ComboFix-quarantined-files.txt 2008-03-13 17:10:30

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Danilo Korac\Start Menu\Programs\Startup\windows.pif
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\Empty.pif
C:\WINDOWS\pss\Empty.pifCommon Startup
C:\WINDOWS\pss\windows.pifStartup

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Empty.pif]
[-HKLM\~\startupfolder\C:^Documents and Settings^Danilo Korac^Start Menu^Programs^Startup^windows.pif]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.

  • Joined: 26 Feb 2004
  • Posts: 2510

ComboFix 08-03-10.1 - Danilo Korac 2008-03-13 18:31:59.2 - FAT32x86
Running from: C:\Documents and Settings\Danilo Korac\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danilo Korac\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\Empty.pif
C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Danilo Korac\Start Menu\Programs\Startup\windows.pif
C:\WINDOWS\pss\Empty.pifCommon Startup
C:\WINDOWS\pss\windows.pifStartup
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\Empty.pif
C:\Documents and Settings\Danilo Korac\Application Data\explorer.exe
C:\Documents and Settings\Danilo Korac\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Danilo Korac\Start Menu\Programs\Startup\windows.pif
C:\WINDOWS\pss\Empty.pifCommon Startup
C:\WINDOWS\pss\windows.pifStartup

.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-13 18:05 . 2008-03-13 18:05 <DIR> d-------- C:\ComboFix(1)
2008-03-13 13:15 . 2008-03-13 13:15 <DIR> d--hs---- C:\FOUND.007
2008-03-13 07:30 . 2008-03-13 07:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\XSign
2008-03-13 07:29 . 2008-03-13 07:29 <DIR> d-------- C:\Program Files\XSign
2008-03-12 06:15 . 2008-03-12 06:15 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-03-11 15:38 . 2008-03-11 15:38 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\ICQ
2008-03-11 15:37 . 2008-03-11 15:37 <DIR> d-------- C:\Program Files\ICQ6
2008-03-11 15:37 . 2008-03-11 15:37 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\InstallShield
2008-03-11 13:32 . 2008-03-11 13:32 <DIR> d--hs---- C:\FOUND.006
2008-03-10 20:12 . 2008-03-10 20:12 <DIR> dr-h----- C:\Documents and Settings\Danilo Korac\Application Data\SecuROM
2008-03-10 18:52 . 2008-03-10 18:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-10 18:52 . 2008-03-10 18:52 <DIR> d--h----- C:\Documents and Settings\Danilo Korac\InstallAnywhere
2008-03-10 18:42 . 2008-03-10 18:42 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-10 18:37 . 2008-03-10 18:37 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-09 23:26 . 2008-03-09 23:27 <DIR> d-------- C:\Program Files\HD Tune
2008-03-08 11:07 . 2008-03-08 11:07 268 --ah----- C:\sqmdata10.sqm
2008-03-08 11:07 . 2008-03-08 11:07 244 --ah----- C:\sqmnoopt10.sqm
2008-03-08 10:58 . 2008-03-08 10:58 <DIR> d--hs---- C:\FOUND.005
2008-03-07 23:34 . 2008-03-07 23:34 268 --ah----- C:\sqmdata09.sqm
2008-03-07 23:34 . 2008-03-07 23:34 244 --ah----- C:\sqmnoopt09.sqm
2008-03-07 23:19 . 2008-03-07 23:19 <DIR> d--hs---- C:\FOUND.004
2008-03-06 21:34 . 2008-03-06 21:34 268 --ah----- C:\sqmdata08.sqm
2008-03-06 21:34 . 2008-03-06 21:34 244 --ah----- C:\sqmnoopt08.sqm
2008-03-06 11:00 . 2008-03-06 11:00 268 --ah----- C:\sqmdata07.sqm
2008-03-06 11:00 . 2008-03-06 11:00 244 --ah----- C:\sqmnoopt07.sqm
2008-03-06 10:37 . 2008-03-06 10:37 268 --ah----- C:\sqmdata06.sqm
2008-03-06 10:37 . 2008-03-06 10:37 244 --ah----- C:\sqmnoopt06.sqm
2008-03-06 00:48 . 2008-03-06 00:48 268 --ah----- C:\sqmdata05.sqm
2008-03-06 00:48 . 2008-03-06 00:48 244 --ah----- C:\sqmnoopt05.sqm
2008-03-05 14:36 . 2008-03-05 14:36 268 --ah----- C:\sqmdata04.sqm
2008-03-05 14:36 . 2008-03-05 14:36 244 --ah----- C:\sqmnoopt04.sqm
2008-03-05 14:18 . 2008-03-05 14:18 <DIR> d--hs---- C:\FOUND.003
2008-03-05 01:29 . 2008-03-05 01:29 268 --ah----- C:\sqmdata03.sqm
2008-03-05 01:29 . 2008-03-05 01:29 244 --ah----- C:\sqmnoopt03.sqm
2008-03-04 21:04 . 2008-03-04 21:04 <DIR> d--hs---- C:\FOUND.002
2008-03-04 19:33 . 2008-03-04 19:33 268 --ah----- C:\sqmdata02.sqm
2008-03-04 19:33 . 2008-03-04 19:33 244 --ah----- C:\sqmnoopt02.sqm
2008-03-02 07:44 . 2008-03-02 07:44 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-02 07:43 . 2008-03-02 07:43 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\SystemRequirementsLab
2008-03-01 03:02 . 2008-03-01 03:02 <DIR> d-------- C:\Program Files\DC++
2008-02-24 20:22 . 2008-02-24 20:22 252 --a------ C:\WINDOWS\game.ini
2008-02-24 20:15 . 2008-02-24 20:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-23 12:22 . 2008-02-23 12:22 <DIR> d-------- C:\Program Files\bux
2008-02-20 17:16 . 2008-02-20 17:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-02-19 12:41 . 2008-02-19 12:42 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-19 12:41 . 2008-02-19 12:42 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Application Data\MegauploadToolbar
2008-02-18 01:24 . 2008-02-18 01:24 268 --ah----- C:\sqmdata01.sqm
2008-02-18 01:24 . 2008-02-18 01:24 244 --ah----- C:\sqmnoopt01.sqm
2008-02-18 00:54 . 2008-02-18 00:54 <DIR> d-------- C:\Documents and Settings\Danilo Korac\.thumbnails
2008-02-18 00:53 . 2008-02-18 00:53 <DIR> d-------- C:\Documents and Settings\Danilo Korac\.gimp-2.2
2008-02-18 00:52 . 2008-02-18 00:52 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-02-18 00:51 . 2008-02-18 00:51 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-02-17 11:51 . 2008-02-17 11:51 <DIR> d-------- C:\Documents and Settings\Danilo Korac\Contacts
2008-02-17 10:47 . 2008-02-17 10:47 268 --ah----- C:\sqmdata00.sqm
2008-02-17 10:47 . 2008-02-17 10:47 244 --ah----- C:\sqmnoopt00.sqm
2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-02-17 00:19 . 2008-02-17 00:19 <DIR> d-------- C:\Program Files\Windows Live
2008-02-15 10:59 . 2008-02-15 10:59 <DIR> d--hs---- C:\FOUND.001
2008-02-14 15:36 . 2008-02-14 15:36 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 00:07 . 2008-02-14 00:08 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-14 00:07 . 2008-02-14 00:08 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-02-13 22:11 . 2008-02-13 22:11 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 05:54 684,549 ----a-w C:\WINDOWS\system32\unins000.exe
2008-02-11 05:53 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Media Player Classic
2008-02-11 05:53 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\DivX
2008-02-10 02:19 --------- d-----w C:\Program Files\Screamer Radio
2008-02-10 00:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-09 22:09 --------- d-----w C:\Program Files\Java
2008-02-09 22:09 --------- d-----w C:\Program Files\Common Files\Java
2008-02-08 10:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-07 21:12 --------- d-----w C:\Program Files\Alwil Software
2008-02-07 21:11 --------- d-----w C:\Program Files\ASUS
2008-02-07 21:07 --------- d-----w C:\Program Files\Analog Devices
2008-02-07 20:14 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Sports Interactive
2008-02-07 20:12 --------- d-----w C:\Program Files\AIMP2
2008-02-07 20:10 --------- d-----w C:\Program Files\XP Codec Pack
2008-02-07 20:09 --------- d-----w C:\Program Files\DivX
2008-02-07 20:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2008-02-07 13:00 --------- d-----w C:\Program Files\Free Download Manager
2008-02-07 13:00 --------- d-----w C:\Documents and Settings\Danilo Korac\Application Data\Free Download Manager
2008-02-07 13:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
2008-02-07 09:07 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-07 09:07 --------- d-----w C:\Program Files\TP-LINK
2008-02-07 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 09:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 08:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 08:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-07 08:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-22 18:07 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.

------- Sigcheck -------

2006-12-18 19:33 1040384 4cf21cb1dfbc7d3ccd6c9e4b195ba3ab C:\WINDOWS\explorer.exe
2006-12-18 19:33 1040384 d4bbb09ee59916d666a770eb028bf0e7 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 07:00:00 174,080 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2006-12-18 18:35:54 23,040 ----a-w C:\WINDOWS\kb913800.exe
+ 2006-12-18 18:35:54 30,208 ----a-w C:\WINDOWS\kb913800.exe
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 37,376 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-13 16:54:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-13 17:13:22 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-13 16:54:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-13 17:13:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-13 16:54:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-13 17:13:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-18 18:33:44 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2006-12-18 18:33:44 106,496 ----a-w C:\WINDOWS\system32\cscript.exe
- 2001-08-23 11:00:00 9,216 ----a-w C:\WINDOWS\system32\find.exe
+ 2001-08-23 11:00:00 16,384 ----a-w C:\WINDOWS\system32\find.exe
- 2004-08-03 22:56:50 27,136 ----a-w C:\WINDOWS\system32\findstr.exe
+ 2004-08-03 22:56:50 34,304 ----a-w C:\WINDOWS\system32\findstr.exe
- 2004-08-03 22:56:50 39,424 ----a-w C:\WINDOWS\system32\grpconv.exe
+ 2004-08-03 22:56:50 46,592 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2004-08-03 22:56:56 124,928 ----a-w C:\WINDOWS\system32\net1.exe
+ 2004-08-03 22:56:56 132,096 ----a-w C:\WINDOWS\system32\net1.exe
- 2008-03-13 16:59:06 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-13 17:17:36 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-13 16:59:06 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-13 17:17:36 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2001-08-23 11:00:00 19,968 ----a-w C:\WINDOWS\system32\route.exe
+ 2001-08-23 11:00:00 27,136 ----a-w C:\WINDOWS\system32\route.exe
- 2001-08-23 11:00:00 23,552 ----a-w C:\WINDOWS\system32\sort.exe
+ 2001-08-23 11:00:00 30,720 ----a-w C:\WINDOWS\system32\sort.exe
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 169,472 ----a-w C:\WINDOWS\system32\swreg.exe
- 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2000-08-31 07:00:00 60,996 ----a-w C:\WINDOWS\system32\VFind.exe
- 2004-08-03 22:56:58 13,824 ----a-w C:\WINDOWS\system32\wscntfy.exe
+ 2004-08-03 22:56:58 20,992 ----a-w C:\WINDOWS\system32\wscntfy.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 22528]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 16:12 372736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1634304 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 15:50 106496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:35 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\system32\drivers\ASUSHWIO.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-13 18:32:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 18:33:24
ComboFix-quarantined-files.txt 2008-03-13 17:33:24
ComboFix2.txt 2008-03-13 17:10:32

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Restart the PC, tell me what the state is now, and do the following:

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Save ... button below and save that logfile.
Attach the saved logfile to your post.
