Reinstalacija ili...?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 11:11:15, on 3.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\iv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Siemens\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Siemens\Adsl\dslagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkcentre
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....6360457593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56018CAF-526B-4F4D-B312-57A1BA70D28D}: NameServer = 195.66.160.1,195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MFP Data Manage Super - Panasonic Communications Co., Ltd. - C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
O23 - Service: OracleOraHome90ClientCache - Unknown owner - C:\oracle\ora90\BIN\ONRSD.EXE
O23 - Service: Port Controller - Unknown owner - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

Racunar radi samo u safe modu(u normalnom rezimu to izgleda kao nemoguca misija),tako je ovaj log i uradjen ako je on uopste i relevantan... Reinstalacija ili bi ipak nesto moglo da se uradi?

SREĆNA NOVA GODINA SVIMA!

Dopuna: 03 Jan 2008 11:56

Norman Malware Cleaner log:

Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/12/21 00:58:18

Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2007/12/21 00:58:18, Variants: 1101322

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode with network) Service Pack 2
Logged on user: PCSEFREC\Administrator

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" -> ""

Scan started: 03/01/2008 11:18:58


Scanning running processes and process memory...

Number of processes/threads found: 853
Number of processes/threads scanned: 853
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 15s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Administrator\scvhost.exe (Infected with W32/Agent.DNBM)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> default = "C:\Documents and Settings\Administrator\scvhost.exe"
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce -> ati = "C:\Documents and Settings\Administrator\scvhost.exe"
Deleted file

C:\Documents and Settings\Administrator\My Documents\autorun.exe (Infected with W32/Agent.DNBM)
Deleted file

C:\Documents and Settings\sefrec\My Documents\Billiard_Deluxe.rar/RR (Error whilst scanning file: I/O Error)

C:\oracle\ora90\ord\jlib\ordhttp11.zip/oracle/ord/im/OrdHttpMsgs.properties (Error whilst scanning file: I/O Error)

C:\RECYCLER\S-1-5-21-1725340384-1735251801-3866292175-1006\Dc166\autorun.exe (Infected with W32/Agent.DNBM)
Deleted file

C:\shef recepcije\mydocs\abbyyfinereaderprofessionalv700543_GsAqEuFoRaDaVoDo.zip/ABBYfinereader-v7-key/hgo-fr7p.exe (Infected with W32/Suspicious_F.gen)
Deleted file

C:\shef recepcije\mydocs\abbyyfinereaderprofessionalv7[1].0.0.1006_cyqaTAoDhXD.zip/keygen.rar/AV (Error whilst scanning file: I/O Error)

C:\shef recepcije\mydocs\abbyyfinereaderprofessionalv700543_GsAqEuFoRaDaVoDo\ABBYfinereader-v7-key\hgo-fr7p.exe (Infected with W32/Suspicious_F.gen)
Deleted file

C:\shef recepcije\mydocs\abbyyfinereaderprofessionalv7[1].0.0.1006_cyqaTAoDhXD\keygen.rar/AV (Error whilst scanning file: I/O Error)

C:\WINDOWS\system32\winlogon.scr (Infected with W32/Agent.DNBM)
Removed registry value: HKCU\Control Panel\Desktop -> SCRNSAVE.EXE = "C:\WINDOWS\System32\winlogon.scr"
Removed registry value: HKCU\Control Panel\Desktop -> ScreenSaveActive = "1"
Deleted file

C:\WINDOWS\system32\drivers\sysdrv.exe (Infected with W32/Agent.DNBM)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> main = "C:\WINDOWS\System32\drivers\sysdrv.exe"
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce -> sysinit = "C:\WINDOWS\System32\drivers\sysdrv.exe"
Removed registry key: HKCR\Applications\ -> sysdrv.exe
Deleted file

Scanning: c:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 147666
Number of archives unpacked: 6435
Number of files scanned: 147637
Number of files not scanned: 29
Number of files skipped due to exclude list: 0
Number of infected files found: 7
Number of infected files repaired/deleted: 7
Number of infections removed: 7
Total scanning time: 26m 44s

Sama sam preduzela neke korake poucena prethodnim iskustvom...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav, anaivana...

Hajde sad ti meni lepo reci koliko kompjutera imaš?

Nadam se da su sve privatni kompjuteri u pitanju...



Kakvo je sada stanje? Možeš li pokrenuti Normal mode?


Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo loga:
ComboFix 08-01-03.3 - Administrator 2008-01-03 13:12:02.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.344 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\New Folder (2)\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 13:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 11:13 . 2008-01-03 11:59 250 --a------ C:\WINDOWS\gmer.ini
2008-01-03 10:14 . 2008-01-03 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-05 11:27 . 2007-12-13 12:14 5,427 --a------ C:\WINDOWS\EGATHDRV.TMP
2007-12-05 10:18 . 2007-12-05 10:18 <DIR> d-------- C:\Program Files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 19:56 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2007-12-05 18:18 --------- d-----w C:\Documents and Settings\sefrec\Application Data\Lavasoft
2007-11-29 18:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-16 03:07 --------- d-----w C:\Documents and Settings\sefrec\Application Data\Skype
2007-11-16 01:35 --------- d-----w C:\Documents and Settings\sefrec\Application Data\Winamp
2007-11-10 01:27 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-06 18:45 --------- d-----w C:\Program Files\Mahjongg Artifacts Chapter 2
2007-11-06 18:37 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-26 03:34 8,460,288 ------w C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-23 11:41 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-23 11:44 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-23 11:40 81920]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-13 22:23 487424]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 08:10 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-04-18 09:05 69632]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 04:01 503808]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-18 17:22 85696]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 20:54 1838592]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 10:08 335872]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 16:38 41472]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 20:15 2333440]
"DSLSTATEXE"="C:\Program Files\Siemens\Adsl\dslstat.exe" [2004-07-09 05:39 356352]
"DSLAGENTEXE"="C:\Program Files\Siemens\Adsl\dslagent.exe" [2004-02-20 08:26 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-26 11:35 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-04-18 09:05 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S2 MFP Data Manage Super;MFP Data Manage Super;C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe [2003-03-18 12:20]
S2 Mgcscrd;MFP Com Redirector;C:\WINDOWS\system32\drivers\mgcscrd.sys [2000-12-19 12:43]
S2 MGCSECP;MGCSECP;C:\WINDOWS\system32\drivers\MGCSECP.sys [2001-10-25 19:05]
S2 Port Controller;Port Controller;C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe [2003-02-19 01:16]
S2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 16:05]
S2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-05-12 18:10]
S3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-02-27 16:14]
S3 OracleOraHome90ClientCache;OracleOraHome90ClientCache;C:\oracle\ora90\BIN\ONRSD.EXE [2001-08-14 17:25]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

.
Contents of the 'Scheduled Tasks' folder
"2007-04-02 20:06:41 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-03 13:14:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 13:14:54
ComboFix-quarantined-files.txt 2008-01-03 21:14:47
.
2007-11-14 23:21:42 --- E O F ---

A sad idu odgovori:

Kompjuteri na zalost nijesu privatni... A ima ih jos jedno 3 problematicna(te samo i brojim),ove druge sam manje vise sve u red dovela(vi ste pomogli oko 2):-)
Inace stanje ovog racunara je lose a to znaci da jos uvjek ne radi u Normal modu...
Pozdrav i tebi

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Prvo sto sam uradila kad je doslo do 'havarije' sa ovim racunarom pokusala sa DR. Web-om,on je tad nasao virusa medjutim nije ih se dezivikovao (obrisao) vec je nekoliko njih i preimenovao. Sada sam ponovila i nije nadjeno nista, znaci da nema promjena tj. poboljsanja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kao što rekoh, ovde više nema malware-a.

Repair ili format/reinstall... To je sve što ti mogu savetovati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokusat cu... Hvala puno na pomoci!
Pozdrav