MyCity » Ambulanta -> Arhiva Ambulante » Usporen rad kompa i stalno zauzeće neta

Usporen rad kompa i stalno zauzeće neta

Napisano na dan: 13.3.2009

Strana:
1
2
3
4
5

Usporen rad kompa i stalno zauzeće neta

Pagination

Prethodna strana

Odgovori

Strana:
1
2
3
4
5

pelle6 Poslao: 17 Mar 2009 02:14 Idi na vrh
offline pelle6 Građanin Pridružio: 07 Nov 2007 Poruke: 80 Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nego pre no što poćnem formatiranje da ti dam logo i drugog Windowsa. Malosam njuškao pa su mi reekli da je možda i on zaražen mada ja to ne primećujem nipočemu ali za svaki sluča da proverimo. Ako moram da reinstaliram barem da to odradim odjednom. Nego šta je sa onim bsplayerom? Pozzzzzdrav Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:05:02, on 17.3.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\ESET\ESET Smart Security\ekrn.exe D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe D:\Program Files\ESET\ESET Smart Security\egui.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\WINDOWS\system32\ctfmon.exe D:\PROGRA~1\FLOCK\FLOCK.EXE D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe E:\PRGRAM FAILS- nediraj\win_PortablApps_mini_programi\PortableApps\PortableAppsMenu\PortableAppsMenu.exe E:\PRGRAM FAILS- nediraj\win_PortablApps_mini_programi\PortableApps\z.Sa_C_FirefoxPortable\FirefoxPortable.exe E:\PRGRAM FAILS- nediraj\win_PortablApps_mini_programi\PortableApps\z.Sa_C_FirefoxPortable\App\firefox\firefox.exe E:\Zzz Sa Wina na C\Desktop\HiJack\TR3.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [QuickFinder Scheduler] "E:\PRGRAM FAILS- nediraj\Sa diska D\WordPerfect Office X4\WordPerfect Office X4\Programs\QFSCHD140.EXE" O4 - HKLM\..\Run: [Ad-Watch] "D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Copy to &Lightning Note - D:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - e:\PRGRAM FAILS- nediraj\Sa diska D\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 4471 bytes

Profil

helen1 Poslao: 17 Mar 2009 07:20 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Analize kazu da je bs player OK. Iskljuci Nod: Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

pelle6 Poslao: 17 Mar 2009 11:37 Idi na vrh
offline pelle6 Građanin Pridružio: 07 Nov 2007 Poruke: 80 Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moram li da skidam svaki put novi ili mogu da skinem i ovaj koji imam? Poslaću ti i jedan i drugi logo, mislim sa oba Wina Dopuna: 17 Mar 2009 11:09 Ovo je zaraženi C win ComboFix 09-03-12.01 - Administrator 2009-03-17 10:57:45.3 - NTFSx86 Running from: c:\documents and settings\Administrator\Desktop\HiJack\New Folder\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090316-0] On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))) . 2009-03-17 10:57 . 2009-03-17 10:57 179,712 --a--c--- c:\windows\system32\cacls.dll 2009-03-16 02:13 . 2009-03-16 02:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-14 19:27 . 2009-03-14 19:29 27,694 --a--c--- c:\windows\NIRCMD.rar 2009-03-14 18:45 . 2009-03-14 18:45 <DIR> d----c--- c:\program files\COMODO 2009-03-14 18:45 . 2009-03-14 18:45 <DIR> d----c--- c:\program files\AskBarDis 2009-03-14 18:45 . 2009-03-14 18:45 253,688 --a--c--- c:\windows\system32\cssdll32.dll 2009-03-14 18:40 . 2009-03-14 19:32 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Comodo 2009-03-14 18:40 . 2009-03-14 18:40 155,384 --a--c--- c:\windows\system32\guard32.dll 2009-03-14 18:40 . 2009-03-14 18:40 110,992 --a--c--- c:\windows\system32\drivers\cmdguard.sys 2009-03-14 18:40 . 2009-03-14 18:40 24,336 --a--c--- c:\windows\system32\drivers\cmdhlp.sys 2009-03-14 11:47 . 2009-03-14 11:47 179,712 --a--c--- c:\windows\system32\mscdexnt.dll 2009-03-13 22:41 . 2009-03-13 22:41 179,712 --a--c--- c:\windows\system32\krnl386.dll 2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Nitro PDF 2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\Nitro PDF 2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\BCL Technologies 2009-03-13 02:00 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-03-13 02:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-03-13 02:00 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-03-13 02:00 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-03-13 02:00 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-03-13 02:00 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-03-13 02:00 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-13 02:00 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-03-13 02:00 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-03-13 01:31 . 2009-03-13 02:00 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BSplayer PRO 2009-03-13 01:24 . 2009-03-13 01:24 179,712 --a--c--- c:\windows\system32\getmac.dll 2009-03-13 00:40 . 2009-03-13 00:40 67 --a--c--- C:\1.bat 2009-03-10 16:37 . 2009-03-12 23:29 1,167 --a--c--- c:\windows\wincmd.ini 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\UC.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\RAR.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKZIP.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKUNZIP.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\NOCLOSE.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\LHA.PIF 2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\ARJ.PIF 2009-03-10 12:34 . 2009-03-10 12:34 <DIR> d----c--- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-03-10 12:34 . 2009-03-10 12:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\DriverCure 2009-03-10 12:34 . 2009-03-10 12:35 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\DriverCure 2009-03-10 12:22 . 2009-03-10 12:22 <DIR> d----c--- c:\program files\Gabest 2009-03-10 12:21 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\DivXCodec 2009-03-10 12:21 . 2009-03-10 12:21 196,608 --a--c--- c:\windows\system32\avisynth.dll 2009-03-10 12:20 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\GordianKnot-kodeci za -win11 2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32f.dll 2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32.dll 2009-03-10 12:20 . 2009-03-10 12:20 291,408 --a--c--- c:\windows\system32\DivXa32.acm 2009-03-10 12:20 . 2009-03-10 12:20 240,400 --a--c--- c:\windows\system32\DivX_c32.ax 2009-03-10 12:20 . 2009-03-10 12:20 33,280 --a--c--- c:\windows\system32\HUFFYUV.DLL 2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Real 2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\xing shared 2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\Real 2009-03-10 11:02 . 2004-08-04 02:07 221,184 --a--c--- c:\windows\system32\wmpns.dll 2009-03-10 11:02 . 2009-03-10 14:59 23,392 --a--c--- c:\windows\system32\nscompat.tlb 2009-03-10 11:02 . 2009-03-10 14:59 16,832 --a--c--- c:\windows\system32\amcompat.tlb 2009-03-09 17:14 . 2009-03-09 17:14 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\program files\QuickTime 2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\program files\Apple Software Update 2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple 2009-03-08 23:21 . 2009-03-08 23:21 <DIR> d----c--- c:\program files\MSBuild 2009-03-08 23:18 . 2009-03-08 23:18 <DIR> d----c--- c:\windows\system32\XPSViewer 2009-03-08 23:17 . 2009-03-08 23:17 <DIR> d----c--- c:\program files\Reference Assemblies 2009-03-08 23:17 . 2006-06-29 13:07 14,048 -----c--- c:\windows\system32\spmsg2.dll 2009-03-04 16:43 . 2009-03-04 16:43 508,200 --a--c--- c:\windows\system32\ICCProfiles.dll 2009-03-04 16:25 . 2009-03-04 16:25 45 ---h-c--- c:\windows\dsez4072.dat 2009-03-03 22:13 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\GARMIN 2009-03-03 01:11 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\GARMIN 2009-03-03 01:05 . 2009-03-03 22:13 <DIR> d----c--- C:\Garmin 2009-02-26 00:15 . 2009-03-04 14:51 30 --a--c--- c:\windows\Iedit_.INI 2009-02-26 00:09 . 2009-02-26 00:09 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Ulead Systems 2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Ulead Systems 2009-02-26 00:06 . 2009-03-02 01:41 <DIR> d--h-c--- c:\program files\InstallShield Installation Information 2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\Ulead Systems 2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-02-26 00:06 . 1999-10-15 12:50 1,056,768 -----c--- c:\windows\system32\ROBOEX32.DLL 2009-02-26 00:06 . 2006-07-22 19:37 49,152 -----c--- c:\windows\system32\INETWH32.dll 2009-02-26 00:05 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\InstallShield 2009-02-24 01:35 . 2009-03-13 03:13 <DIR> d----c--- c:\windows\Downloaded Installations 2009-02-21 20:05 . 2009-02-21 20:05 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BWMeterPro 2009-02-17 19:47 . 2009-02-17 19:47 <DIR> d----c--- c:\windows\Sun 2009-02-17 17:47 . 2009-02-17 17:47 <DIR> d----c--- c:\program files\Java 2009-02-17 17:47 . 2009-02-17 17:47 410,984 --a--c--- c:\windows\system32\deploytk.dll 2009-02-17 17:47 . 2009-02-17 17:47 73,728 --a--c--- c:\windows\system32\javacpl.cpl 2009-02-17 14:38 . 2009-02-17 14:38 <DIR> d----c--- c:\program files\Bome's Image Resizer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-16 00:55 --------- dc----w c:\documents and settings\Administrator\Application Data\Skype 2009-03-16 00:53 --------- dc----w c:\documents and settings\Administrator\Application Data\skypePM 2009-03-13 00:24 360,320 -c--a-w c:\windows\system32\drivers\tcpip.sys 2009-03-12 23:40 140,288 -c--a-w c:\windows\system32\sfc_os.dll 2009-03-12 23:40 1,134,596 -c--a-w c:\windows\explorer.exe 2009-03-12 17:35 --------- dc----w c:\program files\Planplus 2009-03-10 11:08 --------- dc----w c:\program files\AVS4YOU 2009-03-10 10:55 --------- dc----w c:\program files\Windows Media Connect 2 2009-03-07 23:05 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-03-03 14:08 --------- dc----w c:\documents and settings\Administrator\Application Data\Thinstall 2009-03-02 00:38 --------- dc----w c:\program files\Corel 2009-02-16 17:27 --------- dc----w c:\program files\Alwil Software 2009-02-15 17:07 --------- dc----w c:\program files\PhotoFiltre 2009-02-13 22:18 --------- dc----w c:\program files\Common Files\IngPro 2009-02-13 22:08 --------- dc----w c:\program files\Microsoft.NET 2009-02-13 09:59 --------- dc----w c:\documents and settings\All Users\Application Data\PC Suite 2009-02-12 08:08 --------- dc----w c:\program files\MSECache 2009-02-10 09:33 --------- dc----w c:\documents and settings\All Users\Application Data\Bitstream 2009-02-09 23:51 --------- dc----w c:\documents and settings\Administrator\Application Data\Corel 2009-02-09 23:49 --------- dc----w c:\program files\Common Files\Protexis 2009-02-09 23:49 --------- dc----w c:\documents and settings\All Users\Application Data\Corel 2009-02-09 23:47 --------- dc----w c:\program files\Common Files\Corel 2009-02-09 14:53 --------- dc----w c:\program files\Microsoft 2009-02-09 10:19 1,846,272 -c--a-w c:\windows\system32\win32k.sys 2009-02-08 18:58 --------- dc----w c:\program files\TeleTRADER 4 2009-02-06 19:02 --------- dc----w c:\program files\Common Files\AVSMedia 2009-02-06 19:02 --------- dc----w c:\documents and settings\All Users\Application Data\AVS4YOU 2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\PC Suite 2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\Nokia 2009-02-06 18:58 --------- dc----w c:\program files\Nokia 2009-02-06 18:58 --------- dc----w c:\program files\Common Files\PCSuite 2009-02-06 18:58 --------- dc----w c:\program files\Common Files\Nokia 2009-02-06 18:57 --------- dc----w c:\program files\PC Connectivity Solution 2009-02-06 18:57 --------- dc----w c:\program files\DIFX 2009-02-06 18:56 --------- dc----w c:\documents and settings\All Users\Application Data\Installations 2009-02-06 11:01 --------- dc----w c:\documents and settings\Administrator\Application Data\Ing-Pro 2009-02-05 23:44 --------- dc----w c:\documents and settings\Administrator\Application Data\Nitro PDF 2009-02-05 23:37 --------- dc----w c:\documents and settings\All Users\Application Data\Nitro PDF 2009-02-05 23:06 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet 2009-02-05 22:58 --------- dc----w c:\program files\Common Files\Adobe 2009-02-05 22:58 --------- dc----w c:\program files\Bonjour 2009-02-05 22:49 --------- dc----w c:\program files\Common Files\Macrovision Shared 2009-02-05 22:37 --------- dc----w c:\program files\Skype 2009-02-05 22:37 --------- dc----w c:\program files\Common Files\Skype 2009-02-05 22:37 --------- dc----w c:\documents and settings\All Users\Application Data\Skype 2009-02-05 22:34 --------- dc----w c:\program files\Common Files\Ahead 2009-02-05 22:34 --------- dc----w c:\program files\Ahead 2009-02-03 21:33 --------- dc----w c:\program files\Microsoft ActiveSync 2009-02-03 20:34 --------- dc----w c:\program files\CONEXANT 2009-02-03 20:20 --------- dc----w c:\program files\microsoft frontpage 2008-12-20 23:15 826,368 -c--a-w c:\windows\system32\wininet.dll . ------- Sigcheck ------- 2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2004-08-04 02:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys 2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys 2009-03-13 01:24 360320 a8a6c5b80cb4b619d1a41892eee69e11 c:\windows\system32\drivers\tcpip.sys 2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\explorer.exe 2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-13_22.43.24,29 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-14 17:40:34 80,400 -c--a-w c:\windows\system32\drivers\inspect.sys + 2009-03-17 08:56:52 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_410.dat + 2009-03-17 08:56:34 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_61c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-06 15:20 279944 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-10 198160] "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-14 278264] "COMODO Internet Security"="f:\prgram fails- nediraj\Sa diska C\Comodo\COMODO Internet Security\cfp.exe" [2009-03-14 1851128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\cssdll32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.HFYU"= huffyuv.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a--c--- 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor] --a--c--- 2009-03-04 16:43 209216 c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2009-02-17 17:47 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] --a--c--- 2007-08-02 21:08 95504 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\apache2\\bin\\Apache_21.exe"= "f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= S1 aswSP;avast! Self Protection; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-03-14 110992] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-03-14 24336] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-11-29 225792] --- Other Services/Drivers In Memory --- Deregistered - Aavmker4 Deregistered - AFD Deregistered - Alerter Deregistered - ALG Deregistered - aswFsBlk Deregistered - aswMon2 Deregistered - aswRdr Deregistered - aswSP Deregistered - aswTdi Deregistered - aswUpdSv Deregistered - Ati HotKey Poller Deregistered - AudioSrv Deregistered - audstub Deregistered - avast! Antivirus Deregistered - avast! Mail Scanner Deregistered - avast! Web Scanner Deregistered - Beep Deregistered - Cdfs Deregistered - cmdAgent Deregistered - cmdGuard Deregistered - cmdHlp Deregistered - Compbatt Deregistered - COMSysApp Deregistered - CryptSvc Deregistered - Dhcp Deregistered - dmio Deregistered - dmload Deregistered - ERSvc Deregistered - EventSystem Deregistered - Fastfat Deregistered - Fips Deregistered - FltMgr Deregistered - Ftdisk Deregistered - Gpc Deregistered - helpsvc Deregistered - HTTP Deregistered - Inspect Deregistered - IpNat Deregistered - IPSec Deregistered - JavaQuickStarterService Deregistered - KSecDD Deregistered - lanmanworkstation Deregistered - LmHosts Deregistered - mnmdd Deregistered - MountMgr Deregistered - MRxSmb Deregistered - Msfs Deregistered - mssmbios Deregistered - Mup Deregistered - NDIS Deregistered - NdisTapi Deregistered - Ndisuio Deregistered - NdisWan Deregistered - NDProxy Deregistered - NetBIOS Deregistered - NetBT Deregistered - Netlogon Deregistered - Netman Deregistered - Nla Deregistered - Npfs Deregistered - Ntfs Deregistered - Null Deregistered - PartMgr Deregistered - PptpMiniport Deregistered - ProtectedStorage Deregistered - PSched Deregistered - PSI_SVC_2 Deregistered - RasAcd Deregistered - Rasl2tp Deregistered - RasMan Deregistered - RasPppoe Deregistered - Raspti Deregistered - Rdbss Deregistered - RDPCDD Deregistered - rdpdr Deregistered - RpcSs Deregistered - SamSs Deregistered - Schedule Deregistered - seclogon Deregistered - SharedAccess Deregistered - ShellHWDetection Deregistered - Spooler Deregistered - sr Deregistered - srservice Deregistered - SSDPSRV Deregistered - stisvc Deregistered - swenum Deregistered - TapiSrv Deregistered - Tcpip Deregistered - TermDD Deregistered - Themes Deregistered - Update Deregistered - VgaSave Deregistered - VolSnap Deregistered - Wanarp Deregistered - winmgmt Deregistered - wscsvc Deregistered - wuauserv Deregistered - WudfPf Deregistered - WudfSvc Deregistered - WZCSVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional] cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs" . Contents of the 'Scheduled Tasks' folder 2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.computers.toshiba-europe.com/ uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5qo5u03u.default\ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-17 11:00:07 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(560) c:\windows\system32\cssdll32.dll c:\windows\system32\guard32.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(620) c:\windows\system32\cssdll32.dll c:\windows\system32\guard32.dll . Completion time: 2009-03-17 11:01:50 ComboFix-quarantined-files.txt 2009-03-17 10:01:46 ComboFix2.txt 2009-03-14 10:49:55 ComboFix3.txt 2009-03-13 21:44:19 Pre-Run: 7.671.459.840 bytes free Post-Run: 7,655,641,088 bytes free 363 --- E O F --- 2009-03-13 02:42:18 Dopuna: 17 Mar 2009 11:37 Ovo je sa D Win ComboFix 09-03-15.01 - Pelle 2009-03-17 11:17:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1918.1480 [GMT 1:00] Running from: d:\documents and settings\Pelle\Desktop\New Folder\ComboFix.exe AV: ESET Smart Security 4.0 On-access scanning disabled (Updated) AV: Lavasoft Ad-Watch Live! Anti-Virus On-access scanning enabled (Updated) FW: ESET Personal firewall disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))) . 2009-03-17 01:26 . 2009-03-17 11:08 4,212 --ah-c--- d:\windows\system32\zllictbl.dat 2009-03-17 01:24 . 2009-03-17 01:25 <DIR> d----c--- d:\windows\system32\ZoneLabs 2009-03-17 01:24 . 2009-02-15 23:10 1,221,512 --a--c--- d:\windows\system32\zpeng25.dll 2009-03-17 01:24 . 2009-03-17 11:08 350,197 --a--c--- d:\windows\system32\vsconfig.xml 2009-03-17 01:18 . 2009-03-17 01:18 <DIR> d----c--- d:\program files\Zone Labs 2009-03-17 01:15 . 2009-03-17 11:12 <DIR> d----c--- d:\windows\Internet Logs 2009-03-16 23:23 . 2009-03-16 23:23 <DIR> d----c--- d:\windows\system32\config\systemprofile\Application Data\ESET 2009-03-16 23:23 . 2009-03-16 23:23 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\ESET 2009-03-16 23:22 . 2009-03-16 23:22 <DIR> d----c--- d:\program files\ESET 2009-03-16 23:22 . 2009-03-16 23:22 <DIR> d----c--- d:\documents and settings\All Users\Application Data\ESET 2009-03-16 15:15 . 2009-03-16 17:11 <DIR> d----c--- d:\program files\TeaTimer (Spybot - Search & Destroy) 2009-03-16 15:15 . 2009-03-16 17:11 <DIR> d----c--- d:\program files\SDHelper (Spybot - Search & Destroy) 2009-03-16 15:15 . 2009-03-16 15:15 <DIR> d----c--- d:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-03-16 15:15 . 2009-03-16 15:15 <DIR> d----c--- d:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-03-16 14:47 . 2009-03-16 14:47 <DIR> d----c--- d:\program files\MSSOAP 2009-03-16 09:15 . 2009-03-16 09:16 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\BSplayer PRO 2009-03-16 08:55 . 2009-03-16 02:58 15,688 --a--c--- d:\windows\system32\lsdelete.exe 2009-03-16 02:59 . 2009-03-16 02:59 <DIR> d----c--- d:\windows\system32\DRVSTORE 2009-03-16 02:59 . 2009-03-16 02:58 64,160 --a--c--- d:\windows\system32\drivers\Lbd.sys 2009-03-16 02:54 . 2009-03-16 02:54 <DIR> d----c--- d:\program files\Lavasoft 2009-03-16 02:54 . 2009-03-16 02:54 <DIR> d--h-c--- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-16 02:19 . 2009-03-16 02:58 <DIR> d----c--- d:\documents and settings\All Users\Application Data\Lavasoft 2009-03-15 02:27 . 2009-03-15 02:27 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\Flock 2009-03-15 02:27 . 2009-03-15 02:27 0 --a--c--- d:\windows\nsreg.dat 2009-03-15 02:26 . 2009-03-17 11:10 <DIR> d----c--- d:\program files\Flock 2009-03-12 21:09 . 2009-03-12 21:09 <DIR> d----c--- d:\program files\MSXML 4.0 2009-03-12 19:23 . 2009-03-12 19:23 135 --a--c--- d:\windows\wcx_ftp.ini 2009-03-12 18:49 . 2009-03-12 19:50 2,125 --a--c--- d:\windows\WINCMD.INI 2009-03-12 02:22 . 2009-03-12 02:22 0 --a--c--- d:\windows\oodcnt.INI 2009-03-12 02:18 . 2009-03-12 02:18 <DIR> d----c--- d:\windows\system32\oodag 2009-03-12 01:08 . 2009-03-12 01:08 <DIR> d----c--- d:\program files\Common Files\Protexis 2009-03-12 01:07 . 2009-03-12 01:09 <DIR> d----c--- d:\documents and settings\All Users\Application Data\Corel 2009-03-12 01:07 . 2009-03-12 01:29 506 --a--c--- d:\windows\system32\mapisvc.inf 2009-03-12 01:06 . 2009-03-12 01:06 <DIR> d----c--- d:\program files\Common Files\Borland Shared 2009-03-03 16:21 . 2009-03-03 16:21 <DIR> d----c--- d:\windows\Sun 2009-02-28 11:58 . 2009-02-28 11:58 45 ---h-c--- d:\windows\dsez4072.dat 2009-02-23 01:38 . 2009-02-23 01:38 <DIR> d----c--- d:\documents and settings\All Users\Application Data\ScanSoft 2009-02-22 18:59 . 2009-02-22 18:59 <DIR> d----c--- d:\program files\Java 2009-02-22 18:59 . 2009-02-22 18:59 410,984 --a--c--- d:\windows\system32\deploytk.dll 2009-02-22 18:59 . 2009-02-22 18:59 73,728 --a--c--- d:\windows\system32\javacpl.cpl 2009-02-21 13:31 . 2009-02-21 13:31 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\BWMeterPro 2009-02-19 01:01 . 2009-03-17 11:10 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\skypePM 2009-02-19 01:01 . 2009-02-19 01:01 56 --ah-c--- d:\windows\system32\ezsidmv.dat 2009-02-19 00:59 . 2009-02-19 00:59 <DIR> dr---c--- d:\program files\Skype 2009-02-19 00:59 . 2009-02-19 00:59 <DIR> d----c--- d:\program files\Common Files\Skype 2009-02-19 00:59 . 2009-03-17 11:12 <DIR> d----c--- d:\documents and settings\Pelle\Application Data\Skype 2009-02-19 00:59 . 2009-02-19 00:59 <DIR> d----c--- d:\documents and settings\All Users\Application Data\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-16 19:56 --------- dc----w d:\program files\Common Files\Symantec Shared 2009-03-12 01:20 3,350 -csha-w d:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-03-12 00:28 --------- dc----w d:\program files\Common Files\Corel 2009-03-12 00:06 --------- dc----w d:\documents and settings\All Users\Application Data\Borland 2009-03-11 22:53 --------- dc----w d:\documents and settings\Pelle\Application Data\Thinstall 2009-02-16 07:07 --------- dc----w d:\program files\Microsoft ActiveSync 2009-02-16 07:03 --------- dc----w d:\program files\Microsoft.NET 2009-02-16 06:26 --------- dc----w d:\documents and settings\Pelle\Application Data\Ing-Pro 2009-02-16 06:24 --------- dc----w d:\program files\Common Files\Adobe 2009-02-13 19:40 --------- dc----w d:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-13 18:54 --------- dc----w d:\program files\MSECache 2009-02-13 18:08 --------- dc----w d:\program files\Common Files\IngPro 2009-02-11 22:54 --------- dc----w d:\documents and settings\Pelle\Application Data\Corel 2009-02-11 00:50 8 -csh--r d:\documents and settings\All Users\Application Data\0B0F53423C.sys 2009-02-09 10:19 1,846,272 -c--a-w d:\windows\system32\win32k.sys 2009-02-06 13:24 56,280 -c--a-w d:\windows\system32\drivers\epfwtdi.sys 2009-02-06 13:24 33,096 -c--a-w d:\windows\system32\drivers\epfwndis.sys 2009-02-06 13:24 130,952 -c--a-w d:\windows\system32\drivers\epfw.sys 2009-02-06 13:23 106,208 -c--a-w d:\windows\system32\drivers\ehdrv.sys 2009-02-06 13:19 113,448 -c--a-w d:\windows\system32\drivers\eamon.sys 2009-02-06 08:30 --------- dc----w d:\documents and settings\Pelle\Application Data\Iconico 2009-02-06 08:15 --------- dc----w d:\program files\Common Files\InstallShield 2009-02-04 16:29 --------- dc----w d:\program files\CONEXANT 2009-02-04 15:59 --------- dc----w d:\program files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickFinder Scheduler"="e:\prgram fails- nediraj\Sa diska D\WordPerfect Office X4\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-11-15 83232] "Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-16 515416] "egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400] "ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-03-16 64160] R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208] R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [2009-02-04 225792] . . ------- Supplementary Scan ------- . IE: Copy to &Lightning Note - d:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - e:\prgram fails- nediraj\Sa diska D\WordPerfect Office X4\WordPerfect Office X4\Programs\WPLauncher.hta FF - ProfilePath - d:\documents and settings\Pelle\Application Data\Mozilla\Firefox\Profiles\0o35n5oz.default\ FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-17 11:20:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(772) d:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1900) d:\windows\system32\msi.dll . Completion time: 2009-03-17 11:21:46 ComboFix-quarantined-files.txt 2009-03-17 10:21:40 ComboFix2.txt 2009-03-14 10:49:55 ComboFix3.txt 2009-03-13 21:44:19 Pre-Run: 2.133.499.904 bytes free Post-Run: 2,615,537,664 bytes free 145 --- E O F --- 2009-03-12 20:09:04 Nego kako se isključuje zaštitni zid dok radi ovaj program? Mnogo zamara stalno odobravanje procesa koji rade. Plus trebao sam da isključim i AdWere zaštitu, to mi je javio kada sam ga pokrenuo. Na C winu je sada jedini problem što uključi Windows instalater kad se podigne sistem a i kada pokrenem FFox. Sve ostalo radi kako treba. Računar sam inače iskenirao sa AdWere i sa Spybotom. Oba su pronašla svašta pa sam sve obrisao. Adawere je obrisao BSplayer koji sam imao kao instalacioni, prijavio ga je kao pretnju.

Profil

helen1 Poslao: 17 Mar 2009 15:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ja pod milim Bogom ne razumem sta se ovde desava? Jesi ti reinstalirao onaj sistem koji je bio zarazen, onaj koji smo pokusali da ocistimo?

Profil

pelle6 Poslao: 19 Mar 2009 10:16 Idi na vrh
offline pelle6 Građanin Pridružio: 07 Nov 2007 Poruke: 80 Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam imao vremena da ga reinstaliram. Pošto sam ga preorao, samo me zanima da li sam uspeo da zarazim i ovaj Win na D particiji. Usput sam ti poslao i logo sa Wina na C particii. Sada se ponaša normalno sem što pokreće Windows instalater prilikom podizanja sistema i prilikom podizanja FFoxsa. Dopuna: 19 Mar 2009 10:05 Sinoć sam seo i reinstalirao. Upotrebio sam novi Antivirus, odma instalitao Spybot. Tek onda sam instalirao drajvere i ono što mi je neophodno za rad. Kad vidim da mi neki od program prijavljuje instalaciju explorera.exe Naravno nisam dozvolio Samo je pitanje oklen je stigao i da li se nije nakačio. Da ne sponinjem da imam problem sa podizanjem Wina sa D particije. O tome sam u drugom topicu pisao. Nego šta sada da ti pošaljem da bi proverili ovaj Windows. Dopuna: 19 Mar 2009 10:16 Zači sada imam Webroot, mislim da ga je on prijavio prvi pre no što sam instalirao ZAlarma i spybot.

Profil

helen1 Poslao: 19 Mar 2009 10:17 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako, otvori novu temu za taj Windows sto si tek instalirao, ako mislis da ti treba provera. I tamo postavi HiJack This log, koji ce neko pogledati, i prepisi ovo sto si meni ovde napisao, da bi onaj koji radi taj slucaj znao u cemu je stvar.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Usporen rad kompa i stalno zauzeće neta

Ko je trenutno na forumu

Ukupno su 1060 korisnika na forumu :: 51 registrovanih, 5 sakrivenih i 1004 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., adamantadv, Bokiboks, ccoogg123, darkojbn, Dorcolac, dragoljub11987, drimer, dule10savic, FileFinder, Frunze, Gosha101980, goxsys, havoc995, ikan, Kandrbandrdzilo, Karla, Komentator, Kubovac, kybonacci, ladro, MaksicZoran, Metanoja, mikrimaus, nextyamb, Nobunaga, novator, nuke92, panzerwaffe, procesor, randja26, RJ, S-lash, scimitar19, slonic_tonic, solic, sombrero, SR-3m, Srle993, Stefan M, Stoilkovic, Tas011, Tvrtko I, uruk, Vlad000, voja64, vukovi, wolverined4, YugoSlav, zillbg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by