Restart out of the blue.


offline
  • Joined: 14 Oct 2007
  • Posts: 87
  • Location: At home

When I'm doing something on the computer, it sometimes restarts out of the blue. I bought a mouse 2-3 days ago, and it has been restarting since then. I thought it might be the driver, so I removed it and downloaded a new one from the website of the company that makes the mouse, but still nothing.

Logfile of HijackThis v1.99.1
Scan saved at 10:19:17 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Documents and Settings\Kozic\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Documents and Settings\Kozic\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Documents and Settings\Kozic\Desktop\1CryptLoad_1.0.4\CryptLoad.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kozic\Desktop\New Folder\tr3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\RunServices: [Microsoft] svchost32.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kozic\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Kozic\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

offline
  • Joined: 14 Oct 2007
  • Posts: 87
  • Location: At home

ComboFix 08-04-04.1 - Kozic 2008-04-06 11:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.979 [GMT 2:00]
Running from: C:\Documents and Settings\Kozic\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\0026BA8D.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\system32\snku5483.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-05 14:42 . 2008-04-05 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 14:42 . 2008-04-05 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 13:37 . 2008-04-05 13:37 1,720,086 --a------ C:\WINDOWS\system32\TmpA8429687
2008-04-05 10:58 . 2008-04-05 11:30 17,408 --a------ C:\psapi.dll
2008-04-04 19:41 . 2008-04-04 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2008-04-04 19:41 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
2008-04-04 19:40 . 2006-01-06 15:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-03 23:26 . 2008-04-03 23:26 <DIR> d-------- C:\Program Files\directx
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\ES_1_D1.prf
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-03-30 23:58 . 2008-03-30 23:58 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-30 23:58 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-03-30 19:47 . 2008-03-30 19:47 <DIR> d-------- C:\Downloads
2008-03-30 03:41 . 2008-03-30 03:41 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-03-28 05:26 . 2008-03-28 05:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-28 05:25 . 2008-03-28 05:25 <DIR> d-------- C:\Program Files\GRETECH
2008-03-28 05:25 . 2008-03-28 05:25 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\GRETECH
2008-03-27 08:45 . 2008-03-27 08:45 <DIR> d-------- C:\Logs
2008-03-26 07:35 . 2008-03-26 07:36 <DIR> d-------- C:\Program Files\Image-Line
2008-03-26 07:32 . 2008-03-26 07:32 <DIR> d-------- C:\Documents and Settings\Kozic\.borland
2008-03-26 04:29 . 2008-03-26 04:29 12,969 --a------ C:\WINDOWS\winsight.ini
2008-03-26 04:10 . 2008-03-26 04:10 13,030 --a------ C:\PDOXUSRS.NET
2008-03-26 04:00 . 2008-03-30 09:17 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-26 04:00 . 2008-03-26 04:00 <DIR> d-------- C:\Program Files\Borland
2008-03-26 03:42 . 2008-03-26 03:48 <DIR> d-------- C:\Program Files\URUSoft
2008-03-25 05:36 . 2008-03-25 05:36 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Ashampoo
2008-03-25 05:36 . 2008-03-25 05:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-25 05:26 . 2008-03-25 05:27 <DIR> d-------- C:\Program Files\EasyBurning
2008-03-24 01:51 . 2005-09-08 04:02 3,072 --a------ C:\WINDOWS\system32\drivers\sfcure01.sys
2008-03-23 20:34 . 2008-03-23 20:34 <DIR> d-------- C:\Temp
2008-03-22 00:24 . 2008-03-22 00:24 <DIR> d-------- C:\Program Files\Alex Feinman
2008-03-21 19:07 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-21 19:07 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-21 19:07 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-21 19:07 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-21 19:07 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-21 19:07 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-21 19:07 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-21 19:07 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-21 19:07 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-21 19:06 . 2008-03-21 19:07 <DIR> d-------- C:\Program Files\Ahead
2008-03-20 20:15 . 2008-03-20 20:15 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-03-18 23:25 . 2008-03-18 23:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-18 23:24 . 2008-03-18 23:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-18 23:23 . 2008-04-05 15:16 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Xfire
2008-03-18 23:22 . 2008-04-04 21:08 <DIR> d-------- C:\Program Files\Xfire
2008-03-18 22:46 . 2008-03-18 22:46 <DIR> d-------- C:\WINDOWS\wb
2008-03-18 16:31 . 2008-03-18 16:31 770,048 --a------ C:\WINDOWS\TMUninst.exe
2008-03-18 16:08 . 2008-03-18 16:08 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys
2008-03-18 13:15 . 2008-03-18 15:27 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\SpieleEntwicklungsKombinat
2008-03-18 13:15 . 2008-03-18 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-03-18 02:29 . 2008-03-28 06:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-18 01:46 . 2004-06-16 07:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-03-16 17:07 . 2008-03-18 01:42 <DIR> d-------- C:\Documents and Settings\Kozic\Penumbra.Black.Plague.Update.1.0.1-ViTALiTY
2008-03-16 16:19 . 2008-03-16 16:19 <DIR> d-------- C:\Program Files\OpenAL
2008-03-16 16:19 . 2008-03-20 20:35 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-16 16:19 . 2008-03-20 20:35 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-14 01:05 . 2008-03-14 01:05 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 15:21 . 2008-03-13 15:21 73 --a------ C:\WINDOWS\sec23.dat
2008-03-13 02:34 . 2008-03-13 02:34 <DIR> d-------- C:\Program Files\Nsasoft
2008-03-12 23:35 . 2008-03-12 23:35 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\FreeCall
2008-03-08 16:04 . 2008-03-08 16:04 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Ubisoft
2008-03-08 16:04 . 2008-03-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-08 16:04 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-08 16:04 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-08 16:04 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-08 16:04 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-06 20:51 . 2008-03-06 20:51 5,694 --a------ C:\Sdicon32.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:15 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Free Download Manager
2008-04-06 09:05 --------- d-----w C:\Program Files\NoAdware5.0
2008-04-05 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-05 22:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-05 22:18 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-05 11:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-05 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-05 11:43 --------- d-----w C:\Program Files\Sketch Master
2008-04-04 19:38 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Ulead Systems
2008-04-04 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-04 18:04 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-02 02:49 --------- d-----w C:\Documents and Settings\Kozic\Application Data\uTorrent
2008-03-30 22:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 20:06 22,328 ----a-w C:\Documents and Settings\Kozic\Application Data\PnkBstrK.sys
2008-03-30 07:13 --------- d-----w C:\Program Files\Autodesk
2008-03-29 12:29 --------- d-----w C:\Program Files\VirtualDJ
2008-03-26 04:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 18:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-25 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-24 22:42 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Winamp
2008-03-23 16:03 --------- d-----w C:\Program Files\LimeWire
2008-03-23 12:07 --------- d-----w C:\Documents and Settings\Kozic\Application Data\InstallShield
2008-03-21 17:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-19 02:22 --------- d-----w C:\Program Files\sysreset
2008-03-19 02:22 --------- d-----w C:\Documents and Settings\Kozic\Application Data\mIRC
2008-03-19 02:21 --------- d-----w C:\Program Files\WhereIsIt
2008-03-16 22:04 --------- d-----w C:\Documents and Settings\Kozic\Application Data\THQ
2008-03-06 15:45 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Autodesk
2008-03-03 22:03 --------- d-----w C:\Program Files\Eset
2008-03-01 19:27 --------- d-----w C:\Documents and Settings\Kozic\Application Data\LimeWire
2008-02-25 01:22 --------- d-----w C:\Program Files\aSkola
2008-02-22 00:41 --------- d-----w C:\Program Files\SubFind
2008-02-20 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-19 19:25 --------- d-----w C:\Program Files\Microsoft WSE
2008-02-14 21:21 --------- d-----w C:\Program Files\Free Download Manager
2008-02-14 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-02-10 19:40 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Samsung
2008-02-08 18:18 --------- d-----w C:\Program Files\Windows Live
2008-01-21 13:47 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
.

------- Sigcheck -------

2006-01-13 04:03 360448 2a4818aea80acd2c95d7d92d2f3155f8 C:\WINDOWS\system32\drivers\tcpip.sys

2006-01-13 04:04 2187904 c3b84871dece94e335b96fafd756316c C:\WINDOWS\system32\ntoskrnl.exe

2006-01-13 03:46 1075200 2deaca71a7fd77205f59d48d76b2f565 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAdware5"="C:\Program Files\NoAdware5.0\NoAdware5.exe" [2007-01-12 13:17 1695744]
"Google Update"="C:\Documents and Settings\Kozic\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-18 22:52 51184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-13 19:02 2453551]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 23:56 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="svchost32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 03:36 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2006-01-13 03:49 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 03:25 44544]

C:\Documents and Settings\Kozic\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
YouTube Uploader.lnk - C:\Documents and Settings\Kozic\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.wmv3"= wmv9vcm.dll
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"VIDC.FPS1"= frapsvid.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\sysreset\\mirc.exe"=
"D:\\Warcraft III\\war3.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\sysreset\\mirc.bet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Cryptload\\Rollcage Stage II\\BIN\\Rollcage D3D.exe"=
"D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:war3

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-03-18 16:08]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
S3 FXDRV;FXDRV;E:\Fxdrv.sys []
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 15:03]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 15:03]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 15:03]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 15:03]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 22:34]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 11:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 11:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 11:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 11:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 11:42]
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5210127c-c115-11dc-8678-0014858b792a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-06 11:16:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Kozic\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\NoAdware5.0\nutils.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NoAdware5.0\nutils.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\NoAdware5.0\nutils.dll
.
Completion time: 2008-04-06 11:17:22
ComboFix-quarantined-files.txt 2008-04-06 09:17:07
Pre-Run: 5,030,420,480 bytes free
Post-Run: 5,057,712,128 bytes free

Addendum: 06 Apr 2008 18:07

I solved it, I reinstalled Windows. Thanks in any case, regards.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

OK. The topic is going to the Ambulanta archive.
