What is this thing!!!

  • Joined: 20 Sep 2008
  • Posts: 15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:23 PM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Outlook Messenger\OutlookMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\BWMeter\BWMeter.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\dean\Desktop\aaaaaaaaa\TR3.exe.exe

R3 - URLSearchHook: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoon.dll
F3 - REG:win.ini: run=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoon.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OutlookMessenger] "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" /m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6367 bytes

The problem is that Windows won't start for me..... I have to restart the computer 100 times before it turns on..... and sometimes it works on the first try... strange (at least to me, hehe)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

This is a clean log, and the problem is probably not caused by malware.

Still, we'll run one more check...

Right-click the BitDefender icon in the bottom-right corner of the screen and choose Show.
After that, also in the bottom-right corner of the window, choose Settings.
Then uncheck Real-Time protection is enabled, and in the drop-down menu choose Permanently and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------------------------------------------------------


Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

  • Joined: 20 Sep 2008
  • Posts: 15

Quote: Right-click the BitDefender icon in the bottom-right corner of the screen and choose Show.
After that, also in the bottom-right corner of the window, choose Settings.
Then uncheck Real-Time protection is enabled, and in the drop-down menu choose Permanently and click OK.


Hm..... it seems I didn't understand something; after clicking Show, the BitDefender icon opens, but there is no Settings option in its bottom-right corner. There is one at the top, but when I go into it there is no Real-Time protection is enabled option.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Skip that part and follow the rest of the instructions.

  • Joined: 20 Sep 2008
  • Posts: 15

ComboFix 08-11-05.02 - dean 2008-11-06 19:15:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.315 [GMT 1:00]
Running from: c:\documents and settings\dean\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-10-30 20:07 . 2008-10-30 20:09 101 --a------ c:\windows\CMMIXER.INI
2008-10-26 04:48 . 2008-10-26 04:48 <DIR> d--hs---- C:\found.000
2008-10-25 02:39 . 2008-10-25 02:39 268 --ah----- C:\sqmdata02.sqm
2008-10-25 02:39 . 2008-10-25 02:39 244 --ah----- C:\sqmnoopt02.sqm
2008-10-21 00:01 . 2008-10-22 12:47 <DIR> d-------- c:\program files\mIRC
2008-10-21 00:01 . 2008-10-22 12:48 <DIR> d-------- c:\documents and settings\dean\Application Data\mIRC
2008-10-15 12:00 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 12:00 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 12:00 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 12:00 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-12 23:56 . 2008-10-12 23:56 58 --a------ c:\windows\my.ini
2008-10-12 13:00 . 2008-10-12 13:02 <DIR> d-------- C:\xampp
2008-10-12 00:54 . 2008-10-12 00:55 <DIR> d-------- c:\program files\SubDownloader2
2008-10-10 19:32 . 2008-10-10 19:33 <DIR> d-------- c:\program files\FormatFactory
2008-10-10 12:15 . 2008-10-10 12:15 268 --ah----- C:\sqmdata01.sqm
2008-10-10 12:15 . 2008-10-10 12:15 244 --ah----- C:\sqmnoopt01.sqm
2008-10-09 18:54 . 2008-01-10 01:18 <DIR> d-------- c:\program files\RapidShare Manager (RSM)
2008-10-08 21:11 . 2008-10-08 21:11 <DIR> d-------- c:\program files\Paint.NET
2008-10-08 21:05 . 2008-10-08 21:05 <DIR> d-------- c:\windows\system32\XPSViewer
2008-10-08 21:05 . 2008-10-08 21:05 <DIR> d-------- c:\program files\Reference Assemblies
2008-10-08 21:05 . 2008-10-08 21:05 <DIR> d-------- c:\program files\MSBuild
2008-10-08 21:04 . 2006-06-29 12:07 14,048 --------- c:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 18:23 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-06 18:23 --------- d-----w c:\documents and settings\dean\Application Data\DMCache
2008-11-06 14:56 --------- d-----w c:\documents and settings\dean\Application Data\IDM
2008-11-06 14:53 81,920 ----a-w c:\windows\DUMPf09e.tmp
2008-11-06 14:50 81,920 ----a-w c:\windows\DUMPf275.tmp
2008-11-06 14:48 81,920 ----a-w c:\windows\DUMPf13e.tmp
2008-11-06 14:45 81,920 ----a-w c:\windows\DUMP4212.tmp
2008-11-06 14:44 81,920 ----a-w c:\windows\DUMP2640.tmp
2008-11-06 14:42 81,920 ----a-w c:\windows\DUMP2e4f.tmp
2008-11-06 14:39 81,920 ----a-w c:\windows\DUMP33b5.tmp
2008-11-06 14:37 81,920 ----a-w c:\windows\DUMP3e77.tmp
2008-11-06 14:34 81,920 ----a-w c:\windows\DUMP01d4.tmp
2008-11-06 14:32 81,920 ----a-w c:\windows\DUMP213e.tmp
2008-11-06 14:30 81,920 ----a-w c:\windows\DUMP6d22.tmp
2008-11-06 14:27 81,920 ----a-w c:\windows\DUMP1ca0.tmp
2008-11-06 14:24 81,920 ----a-w c:\windows\DUMP9e76.tmp
2008-11-06 14:21 81,920 ----a-w c:\windows\DUMPd35a.tmp
2008-11-06 14:19 81,920 ----a-w c:\windows\DUMPead2.tmp
2008-11-06 14:13 81,920 ----a-w c:\windows\DUMP5955.tmp
2008-11-05 21:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:05 --------- d-----w c:\documents and settings\dean\Application Data\Skype
2008-11-05 10:17 --------- d-----w c:\documents and settings\dean\Application Data\skypePM
2008-11-04 13:45 81,920 ----a-w c:\windows\DUMP415e.tmp
2008-11-04 13:44 81,920 ----a-w c:\windows\DUMP56ae.tmp
2008-11-04 13:40 81,920 ----a-w c:\windows\DUMP6776.tmp
2008-11-04 13:34 81,920 ----a-w c:\windows\DUMP42f8.tmp
2008-11-04 13:33 81,920 ----a-w c:\windows\DUMP7364.tmp
2008-11-04 13:30 81,920 ----a-w c:\windows\DUMPb29b.tmp
2008-11-04 13:25 81,920 ----a-w c:\windows\DUMP4a8f.tmp
2008-11-04 13:24 81,920 ----a-w c:\windows\DUMP3262.tmp
2008-11-04 13:22 81,920 ----a-w c:\windows\DUMP4038.tmp
2008-10-26 14:59 88 --sh--r c:\documents and settings\All Users\Application Data\020553638E.sys
2008-10-26 14:59 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-10-23 08:34 81,920 ----a-w c:\windows\DUMP474c.tmp
2008-10-21 20:48 --------- d-----w c:\documents and settings\dean\Application Data\Winamp
2008-10-04 13:29 --------- d-----w c:\documents and settings\dean\Application Data\Media Player Classic
2008-10-03 19:50 --------- d-----w c:\program files\Common Files\Macromedia
2008-10-03 19:49 --------- d-----w c:\program files\Macromedia
2008-10-03 19:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-29 21:23 --------- d-----w c:\program files\Outlook Messenger
2008-09-28 14:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 14:17 --------- d-----w c:\program files\Winamp
2008-09-28 10:57 --------- d-----w c:\program files\goonlinetv
2008-09-28 10:57 --------- d-----w c:\program files\Conduit
2008-09-27 21:08 --------- d-----w c:\program files\Trojan Remover
2008-09-27 21:08 --------- d-----w c:\documents and settings\dean\Application Data\Simply Super Software
2008-09-27 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2008-09-26 17:09 --------- d-----w c:\documents and settings\dean\Application Data\Corel
2008-09-26 16:57 --------- d-----w c:\program files\Common Files\Protexis
2008-09-26 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-09-26 16:54 --------- d-----w c:\program files\Common Files\Corel
2008-09-26 16:22 --------- d-----w c:\program files\Corel
2008-09-26 15:26 --------- d-----w c:\documents and settings\dean\Application Data\Ahead
2008-09-26 15:16 --------- d-----w c:\program files\Common Files\Ahead
2008-09-26 15:13 --------- d-----w c:\program files\Nero
2008-09-26 14:37 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-09-26 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-09-26 14:36 --------- d-----w c:\program files\Common Files\Adobe
2008-09-26 14:31 --------- d-----w c:\program files\Foxit Software
2008-09-26 14:30 --------- d-----w c:\documents and settings\dean\Application Data\Softros Messenger
2008-09-25 19:10 --------- d-----w c:\program files\Internet Download Manager
2008-09-25 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\DeskSoft
2008-09-25 18:46 26,920 ----a-w c:\windows\system32\drivers\dsnpfd.sys
2008-09-25 18:46 --------- d-----w c:\program files\BWMeter
2008-09-25 18:46 --------- d-----w c:\documents and settings\dean\Application Data\DeskSoft
2008-09-25 18:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-25 17:52 --------- d-----w c:\program files\Webteh
2008-09-25 17:51 --------- d-----w c:\program files\K-Lite Codec Pack
2008-09-25 17:41 --------- d-----w c:\program files\C-Media
2008-09-25 17:34 --------- d-----w c:\program files\Winamp Remote
2008-09-25 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2008-09-25 17:23 --------- d-----w c:\program files\Skype
2008-09-25 17:23 --------- d-----w c:\program files\Common Files\Skype
2008-09-25 17:22 --------- d-----w c:\program files\Opera
2008-09-25 17:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-25 17:17 --------- d-----w c:\program files\FlashFXP
2008-09-25 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP
2008-09-25 17:12 --------- d-----w c:\program files\Windows Live
2008-09-25 15:11 --------- d-----w c:\documents and settings\dean\Application Data\Bitdefender
2008-09-25 15:04 --------- d-----w c:\program files\Softwin
2008-09-25 15:04 --------- d-----w c:\program files\Common Files\Softwin
2008-09-25 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2008-09-25 14:16 --------- d-----w c:\program files\Common Files\BitDefender
2008-09-25 14:16 --------- d-----w c:\program files\BitDefender
2008-09-25 14:10 --------- d-----w c:\program files\Softros Systems
2008-09-25 13:53 --------- d-----w c:\program files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8e2059f1-eda8-4ce0-bbea-b51c2cc43382}"= "c:\program files\goonlinetv\tbgoon.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{8e2059f1-eda8-4ce0-bbea-b51c2cc43382}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e2059f1-eda8-4ce0-bbea-b51c2cc43382}]
2008-08-05 01:13 1610264 --a------ c:\program files\goonlinetv\tbgoon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8e2059f1-eda8-4ce0-bbea-b51c2cc43382}"= "c:\program files\goonlinetv\tbgoon.dll" [2008-08-05 1610264]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8E2059F1-EDA8-4CE0-BBEA-B51C2CC43382}"= "c:\program files\goonlinetv\tbgoon.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{8e2059f1-eda8-4ce0-bbea-b51c2cc43382}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"OutlookMessenger"="c:\program files\Outlook Messenger\OutlookMessenger.exe" [2007-08-27 4313088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 290816]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]

c:\documents and settings\dean\Start Menu\Programs\Startup\
BWMeter.lnk - c:\program files\BWMeter\BWMeter.exe [2008-09-25 603648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-26 113664]
Launch Softros Messenger.lnk - c:\program files\Softros Systems\Softros Messenger\Messenger.exe [2004-10-17 353280]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Outlook Messenger\\OutlookMessenger.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 PSI_SVC_2;Protexis Licensing V2;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2008-09-25 26920]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\dean\Application Data\Mozilla\Firefox\Profiles\todob1nv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1867391&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.conduit.com/?ctid=CT1867391&SearchSource=13
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM1.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM2.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM3.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM4.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM5.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM6.dll
FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-06 19:24:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

....

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Attach the logfile C:\ComboFix.txt to your post using the Attach file option.


Also, upload the following file: c:\windows\DUMPf09e.tmp

Upload link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 20 Sep 2008
  • Posts: 15

[attached files; visible only to logged-in users]

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The file was supposed to be uploaded via the given link, not posted in the message.
What if it had been malicious?!


Anyway... There is no malware here.

The problem mentioned may be software-related but also hardware-related; you can ask further questions about it in the Windows forum (with as precise a description of the problem as possible).

  • Joined: 20 Sep 2008
  • Posts: 15

OK, thank you, master, and hats off for the effort
