My computer has slowed down


  • Joined: 29 Jan 2008
  • Posts: 9

A friend gave me your link. I scanned my computer to see whether there is a virus; I have NOD32 version 2.5 and it reported nothing. I scanned it with Counterspy v2.5.1040 and it reported that I have trojans in the system. I would like to remove them from my system.

Logfile of HijackThis v1.99.1
Scan saved at 5:30:26 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BISER\Desktop\New Folder\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - vipchat.vip.hr/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1499EFAA-B4B3-4912-8231-1F0E48601F00}: NameServer = 213.244.255.2 213.244.255.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Which files did CounterSpy detect?

-------------------------------------------------------------------------------------


Run HT, scan, and check the following line:

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat

and then click Fix Checked.


-------------------------------------------------------------------------------------


Temporarily disable all the protection software you use, and then...

Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.
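
The F2 line singled out above is the classic sign of a UserInit hijack: on a default Windows XP install the value is just "userinit.exe," and every extra entry is something launched at logon. The script below is an added example, not part of the thread or of HijackThis; it parses HijackThis-style lines, flags extra UserInit entries and orphaned O2 BHO entries ("(no file)"), and uses lines copied from the log above as sample input. The F2_RE/O2_RE patterns, the USERINIT_DEFAULT set and the severity labels are my own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re

# Assumption: on Windows XP the only legitimate UserInit entry is userinit.exe.
USERINIT_DEFAULT = {"userinit.exe"}

# Patterns (my own) for the two HijackThis line types this script understands.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
]


def userinit_extras(value):
    """Return the UserInit entries beyond the default loader.

    Handles the normal trailing comma, quoted entries and full paths
    (the comparison is on the lower-cased base name).
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # the trailing comma in "userinit.exe," yields an empty entry
        name = entry.replace("/", "\\").split("\\")[-1].lower()
        if name not in USERINIT_DEFAULT:
            extras.append(entry)
    return extras


def triage(lines):
    """Return a list of (severity, line, reason) findings for the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            extras = userinit_extras(m.group("value"))
            if extras:
                findings.append(
                    ("high", line, "extra UserInit entries: " + ", ".join(extras))
                )
            continue
        m = O2_RE.match(line)
        if m and m.group("path").strip().lower() == "(no file)":
            findings.append(
                ("low", line, "BHO registered but its DLL is missing (orphaned entry)")
            )
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Feed it a whole saved HijackThis log (one line per list element) to get the same two checks over a real scan.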

  • Joined: 29 Jan 2008
  • Posts: 9

Logfile of HijackThis v1.99.1
Scan saved at 8:50:41 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\BISER\Desktop\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - vipchat.vip.hr/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1499EFAA-B4B3-4912-8231-1F0E48601F00}: NameServer = 213.244.255.2 213.244.255.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

ComboFix 08-01-29.3 - BISER 2008-01-29 21:27:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.314 [GMT 1:00]
Running from: C:\Documents and Settings\BISER\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\autorun.reg

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 17:37 . 2008-01-28 17:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 17:37 . 2008-01-28 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 18:46 . 2008-01-29 11:47 <DIR> d-------- C:\Documents and Settings\BISER\Tracing
2008-01-25 16:56 . 2008-01-25 16:56 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-25 00:50 . 2008-01-25 00:50 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 01:50 . 2008-01-24 01:50 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-01-23 16:16 . 2008-01-23 16:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-23 01:07 . 2008-01-23 01:07 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-23 00:58 . 2008-01-23 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-01-23 00:55 . 2008-01-23 00:55 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 23:46 . 2008-01-22 23:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Sunbelt Software
2008-01-22 16:03 . 2008-01-22 16:02 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 16:03 . 2008-01-22 16:02 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-01-22 15:35 . 2008-01-22 15:35 <DIR> d-------- C:\Program Files\Copy of ESET
2008-01-20 00:43 . 2008-01-20 00:44 <DIR> d-------- C:\Program Files\Macrogaming
2008-01-16 15:08 . 2008-01-16 18:03 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Winamp
2008-01-14 15:44 . 2008-01-29 11:46 56,188 --a------ C:\WINDOWS\system32\oodbs.lor
2008-01-14 01:54 . 2008-01-14 01:54 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DesktopSMS
2008-01-11 12:30 . 2008-01-11 12:30 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-01-11 12:01 . 2008-01-11 12:01 0 --a------ C:\WINDOWS\oodcnt.INI
2008-01-11 11:59 . 2008-01-11 11:59 <DIR> d-------- C:\Program Files\OO Software
2008-01-11 00:46 . 2008-01-11 00:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Leadertech
2008-01-11 00:42 . 2008-01-21 15:42 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-10 02:33 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-10 02:32 . 2008-01-10 02:32 <DIR> d-------- C:\NVIDIA
2008-01-10 01:58 . 2008-01-10 01:58 <DIR> d-------- C:\Program Files\AskSBar
2008-01-10 01:44 . 2008-01-11 00:10 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DMCache
2008-01-10 01:22 . 2008-01-10 01:22 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\URSoft
2008-01-10 01:22 . 2008-01-29 16:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 01:21 . 2008-01-10 01:29 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-01-09 23:10 . 2008-01-09 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-03 20:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-03 20:05 . 2008-01-03 20:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-03 20:04 . 2008-01-03 20:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-03 20:03 . 2008-01-03 20:04 <DIR> d-------- C:\WINDOWS\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 11:23 --------- d-----w C:\Program Files\ACD Systems
2008-01-28 11:22 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-28 11:18 --------- d-----w C:\Documents and Settings\BISER\Application Data\ACD Systems
2008-01-16 14:35 --------- d-----w C:\Program Files\Winamp
2008-01-15 21:49 --------- d-----w C:\Program Files\Electronic Arts
2008-01-10 15:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 22:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-26 22:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-22 21:17 --------- d-----w C:\Program Files\Global Star Software
2007-12-22 18:27 532,480 ----a-w C:\WINDOWS\system32\basic instinct 2 screensaver 2.scr
2007-12-22 18:20 332,290 ----a-w C:\WINDOWS\java\Packages\PVPB9BRJ.ZIP
2007-12-13 18:55 --------- d-----w C:\Program Files\XnView
2007-12-08 22:26 155,995 ----a-w C:\WINDOWS\java\Packages\TNNH3PF3.ZIP
2007-12-08 22:25 --------- d-----w C:\Program Files\Microsoft VM
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-03 22:40 43,153 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2007-12-03 22:40 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-03 22:36 --------- d-----w C:\Program Files\Gabest
2007-12-03 22:28 --------- d-----w C:\Program Files\CCleaner
2007-12-03 22:25 --------- d-----w C:\Program Files\PC Inspector File Recovery
2007-12-03 17:09 --------- d-----w C:\Program Files\Google
2007-11-30 02:12 --------- d-----w C:\Program Files\QuickTime
2007-11-30 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 22:28 --------- d-----w C:\Documents and Settings\BISER\Application Data\Apple Computer
2007-11-29 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-11-16 20:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
2001-01-11 07:02 794,624 ----a-r C:\WINDOWS\inf\OTHER\audio3d.dll
2006-07-30 23:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-10 01:58 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-10 01:58 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-10 01:58 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-29 23:09 171448]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-13 16:20 917504]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

[HKLM\~\startupfolder\C:^Documents and Settings^BISER^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\BISER\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-06-19 09:21 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 10:31 819712 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-11-07 15:34 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-12-13 16:20 917504 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 14:29 176128 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 13:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
--a------ 2008-01-02 20:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-29 23:09 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-23 01:07]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-09 00:15]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75331288-947e-11dc-ba51-a547459bec43}]
\Shell\AutoRun\command - I:\launcher.exe

*Newly Created Service* - PROCEXP90
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 22:25:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-29 21:30:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-29 21:32:05
ComboFix-quarantined-files.txt 2008-01-29 20:31:46
.
2007-12-12 17:34:37 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\autorun.bin

Folder::
C:\Program Files\AskSBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.

Post in your next message the log that is produced at the end of the cleaning/scan.

  • Joined: 29 Jan 2008
  • Posts: 9

ComboFix 08-01-29.3 - BISER 2008-01-30 15:19:30.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.460 [GMT 1:00]
Running from: C:\Documents and Settings\BISER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BISER\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 17:37 . 2008-01-28 17:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 17:37 . 2008-01-28 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 18:46 . 2008-01-30 11:54 <DIR> d-------- C:\Documents and Settings\BISER\Tracing
2008-01-25 16:56 . 2008-01-25 16:56 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-25 00:50 . 2008-01-25 00:50 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 01:50 . 2008-01-24 01:50 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-01-23 16:16 . 2008-01-23 16:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-23 01:07 . 2008-01-23 01:07 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-23 00:58 . 2008-01-23 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-01-23 00:55 . 2008-01-23 00:55 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 23:46 . 2008-01-22 23:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Sunbelt Software
2008-01-22 16:03 . 2008-01-22 16:02 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 16:03 . 2008-01-22 16:02 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-01-22 15:35 . 2008-01-22 15:35 <DIR> d-------- C:\Program Files\Copy of ESET
2008-01-20 00:43 . 2008-01-20 00:44 <DIR> d-------- C:\Program Files\Macrogaming
2008-01-16 15:08 . 2008-01-16 18:03 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Winamp
2008-01-14 15:44 . 2008-01-30 11:53 57,465 --a------ C:\WINDOWS\system32\oodbs.lor
2008-01-14 01:54 . 2008-01-14 01:54 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DesktopSMS
2008-01-11 12:30 . 2008-01-11 12:30 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-01-11 12:01 . 2008-01-11 12:01 0 --a------ C:\WINDOWS\oodcnt.INI
2008-01-11 11:59 . 2008-01-11 11:59 <DIR> d-------- C:\Program Files\OO Software
2008-01-11 00:46 . 2008-01-11 00:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Leadertech
2008-01-11 00:42 . 2008-01-21 15:42 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-10 02:33 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-10 02:32 . 2008-01-10 02:32 <DIR> d-------- C:\NVIDIA
2008-01-10 01:58 . 2008-01-10 01:58 <DIR> d-------- C:\Program Files\AskSBar
2008-01-10 01:44 . 2008-01-11 00:10 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DMCache
2008-01-10 01:22 . 2008-01-10 01:22 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\URSoft
2008-01-10 01:22 . 2008-01-29 16:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 01:21 . 2008-01-10 01:29 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-01-09 23:10 . 2008-01-09 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-03 20:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-03 20:05 . 2008-01-03 20:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-03 20:04 . 2008-01-03 20:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-03 20:03 . 2008-01-03 20:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-26 23:18 . 2007-12-26 23:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-26 23:18 . 2007-12-27 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 19:27 . 2007-12-22 19:27 <DIR> d-------- C:\WINDOWS\system32\basic instinct 2 screensaver 2 dir
2007-12-22 19:27 . 2007-12-22 19:27 532,480 --a------ C:\WINDOWS\system32\basic instinct 2 screensaver 2.scr
2007-12-13 19:55 . 2007-12-13 19:55 <DIR> d-------- C:\Program Files\XnView
2007-12-13 19:12 . 2004-08-04 02:07 281,088 --a--c--- C:\WINDOWS\system32\dllcache\pinball.exe
2007-12-13 19:10 . 2004-08-04 02:07 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-12-13 19:10 . 2004-08-04 02:07 538,624 --a--c--- C:\WINDOWS\system32\dllcache\spider.exe
2007-12-13 19:10 . 2004-08-04 02:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-12-13 19:10 . 2004-08-04 02:07 126,976 --a--c--- C:\WINDOWS\system32\dllcache\mshearts.exe
2007-12-13 19:10 . 2004-08-04 02:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-12-13 19:10 . 2004-08-04 02:07 119,808 --a--c--- C:\WINDOWS\system32\dllcache\winmine.exe
2007-12-13 19:10 . 2004-08-04 02:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-12-13 19:10 . 2004-08-04 02:07 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sol.exe
2007-12-13 19:10 . 2004-08-04 02:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-12-13 19:10 . 2004-08-04 02:07 55,296 --a--c--- C:\WINDOWS\system32\dllcache\freecell.exe
2007-12-09 02:22 . 2008-01-24 00:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-08 23:25 . 2007-12-08 23:25 <DIR> d-------- C:\Program Files\Microsoft VM
2007-12-05 01:41 . 2007-12-05 01:41 6,549,504 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-12-03 23:40 . 2007-12-03 23:40 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-03 23:40 . 2007-12-03 23:40 43,153 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-12-03 23:36 . 2007-12-03 23:36 <DIR> d-------- C:\Program Files\Gabest
2007-12-03 23:27 . 2007-12-03 23:28 <DIR> d-------- C:\Program Files\CCleaner
2007-12-03 23:25 . 2007-12-03 23:25 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2007-12-03 23:25 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2007-12-03 23:15 . 2007-12-03 23:17 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-12-03 23:14 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 11:23 --------- d-----w C:\Program Files\ACD Systems
2008-01-28 11:22 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-28 11:18 --------- d-----w C:\Documents and Settings\BISER\Application Data\ACD Systems
2008-01-16 14:35 --------- d-----w C:\Program Files\Winamp
2008-01-15 21:49 --------- d-----w C:\Program Files\Electronic Arts
2008-01-10 15:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 22:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 21:17 --------- d-----w C:\Program Files\Global Star Software
2007-12-22 18:20 332,290 ----a-w C:\WINDOWS\java\Packages\PVPB9BRJ.ZIP
2007-12-08 22:26 155,995 ----a-w C:\WINDOWS\java\Packages\TNNH3PF3.ZIP
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-03 17:09 --------- d-----w C:\Program Files\Google
2007-11-30 02:12 --------- d-----w C:\Program Files\QuickTime
2007-11-30 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 22:28 --------- d-----w C:\Documents and Settings\BISER\Application Data\Apple Computer
2007-11-29 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-11-16 20:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-09 17:52 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2001-01-11 07:02 794,624 ----a-r C:\WINDOWS\inf\OTHER\audio3d.dll
2006-07-30 23:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-10 01:58 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-10 01:58 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-10 01:58 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-29 23:09 171448]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-13 16:20 917504]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

[HKLM\~\startupfolder\C:^Documents and Settings^BISER^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\BISER\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-06-19 09:21 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 10:31 819712 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-11-07 15:34 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-12-13 16:20 917504 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 14:29 176128 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 13:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
--a------ 2008-01-02 20:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-29 23:09 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-23 01:07]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-09 00:15]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75331288-947e-11dc-ba51-a547459bec43}]
\Shell\AutoRun\command - I:\launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 22:25:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-30 15:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 15:23:03
ComboFix-quarantined-files.txt 2008-01-30 14:22:46
ComboFix2.txt 2008-01-30 13:29:28
ComboFix3.txt 2008-01-30 12:57:03
ComboFix4.txt 2008-01-30 12:27:52
ComboFix5.txt 2008-01-29 20:32:06
.
2007-12-12 17:34:37 --- E O F ---

Update: 30 Jan 2008 15:44

I scanned my computer again today with CounterSpy and it reported viruses under these names:
Trojan.Peed.Gen I Trojan
Cool0nlineOffers.ScreenSaver I Adware Bundler
Weatherbug I Low Risk.Adware
DP Trojan I RAT
Bfrost I Backdoor
These are the names of the viruses that the program I just mentioned found.
The program that scanned my computer is called CounterSpy v2.5.1040.
Please excuse me for not informing you that I have a dial-up connection; please forgive me for forgetting to do that at the start.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'm fairly sure you didn't follow the instructions from my previous post precisely: that is, you need to copy the text inside the Code box (everything in green, starting from File::) into Notepad, then save that text as CFScript and drag the saved file onto the ComboFix icon.
When the process is finished, post a new ComboFix log here.


Also, you need to write down the names of the files that CounterSpy detects - not just the detection names, but the file names and their locations.

offline
  • Joined: 29 Jan 2008
  • Posts: 9

ComboFix 08-01-29.3 - BISER 2008-01-30 17:20:16.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.432 [GMT 1:00]
Running from: C:\Documents and Settings\BISER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BISER\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\autorun.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\00391AB6.bin
C:\Program Files\AskSBar\bar\Cache\00391FF6.bin
C:\Program Files\AskSBar\bar\Cache\003924D8.bin
C:\Program Files\AskSBar\bar\Cache\0039290E.bin
C:\Program Files\AskSBar\bar\Cache\00392D73.bin
C:\Program Files\AskSBar\bar\Cache\003931A9.bin
C:\Program Files\AskSBar\bar\Cache\0039364D.bin
C:\Program Files\AskSBar\bar\Cache\00393B1F.bin
C:\Program Files\AskSBar\bar\Cache\011ED6AA
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\WINDOWS\system32\autorun.bin

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 17:37 . 2008-01-28 17:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 17:37 . 2008-01-28 17:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 18:46 . 2008-01-30 11:54 <DIR> d-------- C:\Documents and Settings\BISER\Tracing
2008-01-25 16:56 . 2008-01-25 16:56 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-25 00:50 . 2008-01-25 00:50 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 01:50 . 2008-01-24 01:50 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-01-24 01:15 . 2004-08-04 02:07 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-01-23 16:16 . 2008-01-23 16:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-23 01:07 . 2008-01-23 01:07 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-23 01:02 . 2008-01-23 01:02 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-23 00:58 . 2008-01-23 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-01-23 00:55 . 2008-01-23 00:55 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 23:46 . 2008-01-22 23:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Sunbelt Software
2008-01-22 16:03 . 2008-01-22 16:02 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-22 16:03 . 2008-01-22 16:02 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-01-22 15:35 . 2008-01-22 15:35 <DIR> d-------- C:\Program Files\Copy of ESET
2008-01-20 00:43 . 2008-01-20 00:44 <DIR> d-------- C:\Program Files\Macrogaming
2008-01-16 15:08 . 2008-01-16 18:03 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Winamp
2008-01-14 15:44 . 2008-01-30 11:53 57,465 --a------ C:\WINDOWS\system32\oodbs.lor
2008-01-14 01:54 . 2008-01-14 01:54 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DesktopSMS
2008-01-11 12:30 . 2008-01-11 12:30 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-01-11 12:01 . 2008-01-11 12:01 0 --a------ C:\WINDOWS\oodcnt.INI
2008-01-11 11:59 . 2008-01-11 11:59 <DIR> d-------- C:\Program Files\OO Software
2008-01-11 00:46 . 2008-01-11 00:46 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\Leadertech
2008-01-11 00:42 . 2008-01-21 15:42 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-10 02:33 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-10 02:32 . 2008-01-10 02:32 <DIR> d-------- C:\NVIDIA
2008-01-10 01:44 . 2008-01-11 00:10 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\DMCache
2008-01-10 01:22 . 2008-01-10 01:22 <DIR> d-------- C:\Documents and Settings\BISER\Application Data\URSoft
2008-01-10 01:22 . 2008-01-29 16:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 01:21 . 2008-01-10 01:29 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-01-09 23:10 . 2008-01-09 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-03 20:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-03 20:05 . 2008-01-03 20:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-03 20:04 . 2008-01-03 20:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-03 20:03 . 2008-01-03 20:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-26 23:18 . 2007-12-26 23:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-26 23:18 . 2007-12-27 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 19:27 . 2007-12-22 19:27 <DIR> d-------- C:\WINDOWS\system32\basic instinct 2 screensaver 2 dir
2007-12-22 19:27 . 2007-12-22 19:27 532,480 --a------ C:\WINDOWS\system32\basic instinct 2 screensaver 2.scr
2007-12-13 19:55 . 2007-12-13 19:55 <DIR> d-------- C:\Program Files\XnView
2007-12-13 19:12 . 2004-08-04 02:07 281,088 --a--c--- C:\WINDOWS\system32\dllcache\pinball.exe
2007-12-13 19:10 . 2004-08-04 02:07 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-12-13 19:10 . 2004-08-04 02:07 538,624 --a--c--- C:\WINDOWS\system32\dllcache\spider.exe
2007-12-13 19:10 . 2004-08-04 02:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-12-13 19:10 . 2004-08-04 02:07 126,976 --a--c--- C:\WINDOWS\system32\dllcache\mshearts.exe
2007-12-13 19:10 . 2004-08-04 02:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-12-13 19:10 . 2004-08-04 02:07 119,808 --a--c--- C:\WINDOWS\system32\dllcache\winmine.exe
2007-12-13 19:10 . 2004-08-04 02:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-12-13 19:10 . 2004-08-04 02:07 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sol.exe
2007-12-13 19:10 . 2004-08-04 02:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-12-13 19:10 . 2004-08-04 02:07 55,296 --a--c--- C:\WINDOWS\system32\dllcache\freecell.exe
2007-12-09 02:22 . 2008-01-24 00:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-08 23:25 . 2007-12-08 23:25 <DIR> d-------- C:\Program Files\Microsoft VM
2007-12-05 01:41 . 2007-12-05 01:41 6,549,504 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-12-03 23:40 . 2007-12-03 23:40 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-03 23:40 . 2007-12-03 23:40 43,153 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-12-03 23:36 . 2007-12-03 23:36 <DIR> d-------- C:\Program Files\Gabest
2007-12-03 23:27 . 2007-12-03 23:28 <DIR> d-------- C:\Program Files\CCleaner
2007-12-03 23:25 . 2007-12-03 23:25 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2007-12-03 23:25 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2007-12-03 23:15 . 2007-12-03 23:17 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-12-03 23:14 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 11:23 --------- d-----w C:\Program Files\ACD Systems
2008-01-28 11:22 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-28 11:18 --------- d-----w C:\Documents and Settings\BISER\Application Data\ACD Systems
2008-01-16 14:35 --------- d-----w C:\Program Files\Winamp
2008-01-15 21:49 --------- d-----w C:\Program Files\Electronic Arts
2008-01-10 15:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 22:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 21:17 --------- d-----w C:\Program Files\Global Star Software
2007-12-22 18:20 332,290 ----a-w C:\WINDOWS\java\Packages\PVPB9BRJ.ZIP
2007-12-08 22:26 155,995 ----a-w C:\WINDOWS\java\Packages\TNNH3PF3.ZIP
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-03 17:09 --------- d-----w C:\Program Files\Google
2007-11-30 02:12 --------- d-----w C:\Program Files\QuickTime
2007-11-30 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 22:28 --------- d-----w C:\Documents and Settings\BISER\Application Data\Apple Computer
2007-11-29 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-11-16 20:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-09 17:52 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2001-01-11 07:02 794,624 ----a-r C:\WINDOWS\inf\OTHER\audio3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-29 23:09 171448]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-13 16:20 917504]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

[HKLM\~\startupfolder\C:^Documents and Settings^BISER^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\BISER\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-06-19 09:21 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 10:31 819712 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-11-07 15:34 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-12-13 16:20 917504 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 14:29 176128 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 13:08 860160 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
--a------ 2008-01-02 20:15 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-29 23:09 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-23 01:07]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-09 00:15]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75331288-947e-11dc-ba51-a547459bec43}]
\Shell\AutoRun\command - I:\launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 22:25:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-30 17:22:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 17:24:10
ComboFix-quarantined-files.txt 2008-01-30 16:23:53
ComboFix2.txt 2008-01-30 14:23:04
ComboFix3.txt 2008-01-30 13:29:28
ComboFix4.txt 2008-01-30 12:57:03
ComboFix5.txt 2008-01-30 12:27:52
.
2007-12-12 17:34:37 --- E O F ---


------------------------------------------------------------

Is what I sent now okay? I mean the log.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, now it has been done correctly.

Are there any specific problems now?

offline
  • Joined: 29 Jan 2008
  • Posts: 9

For now there are none, everything works great and runs faster than it did before; I don't think this has anything to do with the processor or the graphics card, since my computer is quite old. And tell me which antivirus is the best, that is, which one you recommend I use; let me know right away if that's not a problem. Sorry that you had to wait for my reply, I was away for a bit. And have we finished the process now? If there are any problems I will get in touch, of course.

Update: 30 Jan 2008 18:55

I have one question, actually two: have we finished the process now, and is my computer clean now? And which antivirus do you recommend I use, one of the best if possible?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There are no more visible traces of malware. So, we are done.

Which AV is the best? It is not possible to give a precise/objective answer to that.
Also, members of the AMF team are neutral on that question, and I cannot answer it for you. If you are interested in the experiences and opinions of other forum members, browse the forums Zaštita od virusa / Antivirus programi.

