Windows mi ne prepoznaje User-a

1

Windows mi ne prepoznaje User-a

offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Logfile of HijackThis v1.99.1
Scan saved at 4:18:45 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\TEMP\Desktop\Toma1\Tt2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {080F091E-1FD0-42AD-BEAC-CFFDD3F3EFA2} - C:\WINDOWS\system32\byXQIaYS.dll (file missing)
O2 - BHO: QXK Olive - {0BB40FCB-2340-4B4D-984D-C7A68DFD0244} - C:\WINDOWS\kgqfweltpen.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: (no name) - {9A0F9C67-DCC9-4E5F-AA21-65291D464474} - C:\WINDOWS\system32\ljJDsQJD.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\urqPhGxw.dll
O2 - BHO: (no name) - {C395209A-08E5-40CB-86DA-C5E92500E470} - C:\WINDOWS\system32\cbXQIBSJ.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: nqgpedlr - {D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7431cb23] rundll32.exe "C:\WINDOWS\system32\yqflguyl.dll",b
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\pc\LOCALS~1\Temp\atmadm2.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8C0B93A-3D80-4769-9F3C-500C45F48A1C}: NameServer = 194.106.162.10 194.106.162.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: urqPhGxw - C:\WINDOWS\SYSTEM32\urqPhGxw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Zdravo,

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


-----------------------------
Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Nanon paljenja racunara izadje mi obavestenje da >user environment<?? Nakon toga Windows krece sa >Personalized settings> i sam ucitava osnovne programe. Odmah iza W XP pocinje u start meniju da mi nudi Tour Windows-a. Inace radi usporeno a i kad mu sredim Start meni i upamtim izmene nakon gasenja on ne prepoynaje te izmene.???

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Uradi kako sam gore rekao.

offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

ComboFix 08-07-05.1 - pc 2008-07-07 16:38:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.252 [GMT 2:00]
Running from: C:\Documents and Settings\TEMP\Desktop\Toma1\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCPrivacyCleaner
C:\WINDOWS\evdq.exe
C:\WINDOWS\system32\cbXQIBSJ.dll
C:\WINDOWS\system32\DJQsDJjl.ini
C:\WINDOWS\system32\DJQsDJjl.ini2
C:\WINDOWS\system32\egqcjqdc.ini
C:\WINDOWS\system32\JSBIQXbc.ini
C:\WINDOWS\system32\JSBIQXbc.ini2
C:\WINDOWS\system32\lyuglfqy.ini
C:\WINDOWS\system32\lyuglfqy.ini2
C:\WINDOWS\system32\lyuglfqy.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\oviavprg.ini
C:\WINDOWS\system32\qkhosipi.ini
C:\WINDOWS\system32\SYaIQXyb.ini
C:\WINDOWS\system32\SYaIQXyb.ini2
C:\WINDOWS\system32\urqPhGxw.dll
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\pc.VARGA
2008-07-06 23:57 . 2008-07-07 00:00 <DIR> d-------- C:\effbot.exe
2008-07-06 01:25 . 2008-07-06 01:25 244 --ah----- C:\sqmnoopt00.sqm
2008-07-06 01:25 . 2008-07-06 01:25 232 --ah----- C:\sqmdata00.sqm
2008-07-06 01:09 . 2008-07-06 01:09 88,576 --a------ C:\WINDOWS\system32\yqflguyl.dll
2008-07-06 00:43 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-07-06 00:28 . 2008-07-06 00:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-06 00:24 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-07-05 12:16 . 2008-07-05 12:16 318,720 --a------ C:\WINDOWS\system32\byXQIaYS.dll_old
2008-07-05 02:17 . 2008-07-05 02:20 193 --a------ C:\WINDOWS\wininit.ini
2008-07-05 00:03 . 2008-07-04 23:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-07-05 00:03 . 2008-07-05 00:03 2,537 --a------ C:\WINDOWS\unins000.dat
2008-07-04 23:53 . 2008-07-05 00:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-04 23:53 . 2008-07-05 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 23:17 . 2008-07-04 23:32 <DIR> d-------- C:\Program Files\Pawn 2
2008-07-04 20:42 . 2008-07-04 20:42 89,088 --a------ C:\WINDOWS\system32\cdqjcqge.dll
2008-07-04 17:53 . 2008-07-04 12:19 303,104 --a------ C:\WINDOWS\kgqfweltpen.dll
2008-07-04 17:53 . 2008-07-04 12:19 200,704 --------- C:\WINDOWS\axrfgvek.dll
2008-07-04 17:53 . 2008-07-04 12:19 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-04 15:25 . 2008-07-04 15:26 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-29 12:58 . 2004-08-04 03:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-29 01:26 . 2008-06-29 01:26 <DIR> d-------- C:\Program Files\SanDisk
2008-06-28 15:11 . 2008-06-28 15:11 <DIR> d-------- C:\Program Files\Robster Productions
2008-06-26 19:43 . 2008-06-26 19:43 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-26 19:31 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-06-26 19:31 . 2004-08-03 22:39 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-06-26 19:31 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-26 19:31 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-26 19:31 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-26 19:31 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-06-26 19:31 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-26 19:31 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-26 19:31 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-26 19:31 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-26 19:29 . 2001-09-19 14:47 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-06-26 19:29 . 2001-09-19 14:32 720,896 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2008-06-26 19:29 . 2001-09-19 14:47 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2008-06-26 19:29 . 2001-09-19 14:32 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2008-06-26 19:21 . 2008-06-26 19:21 <DIR> d-------- C:\Program Files\VIA
2008-06-26 19:21 . 2003-10-31 05:22 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2008-06-26 19:19 . 2003-04-15 10:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-26 19:19 . 2008-06-26 19:38 2,881 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-26 18:11 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-26 18:06 . 2008-06-26 18:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 17:44 . 2008-06-26 17:44 <DIR> d--hs---- C:\found.000
2008-06-26 15:12 . 2008-06-26 15:12 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-26 15:12 . 2008-06-26 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-06-26 12:11 . 2008-06-26 12:12 <DIR> d-------- C:\Program Files\ScriptCryptor
2008-06-26 00:26 . 2008-07-04 18:21 <DIR> d-------- C:\Program Files\Quick Batch File Compiler
2008-06-26 00:19 . 2008-06-26 00:19 <DIR> d-------- C:\Program Files\SAGEM
2008-06-25 23:46 . 2008-06-25 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-06-25 23:45 . 2008-06-24 20:18 211 --a------ C:\boot.ini.comodofirewall
2008-06-25 23:44 . 2008-06-25 23:44 <DIR> d-------- C:\Program Files\Comodo
2008-06-25 21:31 . 2008-07-07 16:02 53 --a------ C:\biosinfo
2008-06-25 21:29 . 2006-02-15 19:15 176,128 --a------ C:\WINDOWS\autoclk.exe
2008-06-25 21:29 . 2008-06-26 00:19 990 --a------ C:\WINDOWS\adiras.ini
2008-06-25 21:22 . 2008-06-26 15:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 21:20 . 2008-06-25 21:20 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-25 21:20 . 2003-09-20 00:45 21,248 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-06-25 21:19 . 2008-06-25 21:19 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-25 21:19 . 1995-08-01 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\WINDOWS\PixArt
2008-06-25 21:18 . 2008-07-02 15:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\Program Files\Trust
2008-06-25 21:18 . 2008-06-25 21:18 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-06-25 21:18 . 2008-06-26 15:09 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-25 21:16 . 2008-06-25 21:16 0 --a------ C:\WINDOWS\msicpl.ini
2008-06-25 21:07 . 2004-08-04 09:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-25 21:07 . 2004-08-04 09:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-25 21:07 . 2004-08-04 07:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-25 21:07 . 2004-08-04 07:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-25 21:07 . 2001-08-17 22:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-25 21:07 . 2001-08-17 22:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-25 21:05 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-25 21:05 . 2004-08-04 08:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-25 21:05 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-25 21:05 . 2001-08-17 23:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-25 19:17 . 2008-06-25 19:30 <DIR> d-------- C:\WINDOWS\vf_hip
2008-06-25 19:17 . 2008-06-25 19:17 32 --a------ C:\WINDOWS\go
2008-06-25 19:13 . 2008-06-25 19:30 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-06-25 18:39 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-25 18:39 . 2008-07-07 00:02 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-25 18:37 . 2008-06-25 18:37 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-25 18:36 . 2008-06-25 18:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-25 18:35 . 2008-06-25 18:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 18:29 . 2008-07-06 20:44 <DIR> d-------- C:\Program Files\Windows Live
2008-06-25 18:29 . 2008-06-25 18:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-25 18:28 . 2008-06-25 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-25 18:26 . 2008-06-25 18:26 229,376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll
2008-06-25 18:18 . 2008-06-25 18:31 <DIR> d-------- C:\Documents and Settings\pc\Contacts
2008-06-25 18:18 . 2006-09-25 01:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-25 18:18 . 2007-09-05 02:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-25 18:18 . 2007-09-21 10:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-25 18:18 . 2007-10-04 01:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-25 18:17 . 2008-06-25 18:17 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-25 18:17 . 2007-09-29 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-25 18:17 . 2007-07-25 23:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-25 18:17 . 2007-09-29 02:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-06-25 18:17 . 2007-03-10 21:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-25 18:17 . 2004-01-26 02:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-25 18:17 . 2007-09-29 02:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-06-25 18:17 . 2007-07-30 01:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-25 18:17 . 2007-07-11 02:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-25 18:16 . 2008-06-25 18:16 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 18:15 . 2008-06-25 18:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-25 18:15 . 2008-06-25 18:15 <DIR> d-------- C:\Program Files\Ahead
2008-06-25 18:15 . 2001-07-06 23:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-25 18:15 . 2001-07-06 21:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-25 18:15 . 2001-07-07 03:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-25 18:15 . 2001-07-09 20:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-25 18:15 . 2004-03-04 06:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-25 18:15 . 2000-06-26 20:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-25 18:15 . 2001-06-26 17:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-25 18:15 . 2004-03-04 06:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-25 18:14 . 2008-07-04 22:09 <DIR> d-------- C:\Program Files\The KMPlayer
2008-06-25 18:13 . 2008-06-29 01:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 18:13 . 2008-06-25 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-25 18:13 . 2008-06-25 18:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-25 18:12 . 2008-06-25 18:13 <DIR> d-------- C:\Program Files\CyberLink
2008-06-25 18:12 . 2008-06-25 18:11 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-25 18:12 . 2008-06-25 18:11 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-25 18:10 . 2008-07-05 16:47 <DIR> d-------- C:\Program Files\Eset
2008-06-25 18:10 . 2008-06-25 18:10 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 00:14 90,112 ----a-w C:\WINDOWS\DUMP30c4.tmp
2008-06-25 22:19 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-06-24 18:26 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB40FCB-2340-4B4D-984D-C7A68DFD0244}]
2008-07-04 12:19 303104 --a------ C:\WINDOWS\kgqfweltpen.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
2008-06-25 18:26 229376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 18:10 949376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 03:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 04:37 69632]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-06-26 12:41 1115728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 16:51 7569408]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 16:51 86016]
"7431cb23"="C:\WINDOWS\system32\yqflguyl.dll" [2008-07-06 01:09 88576]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 21:06 62760]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-17 04:20 91432]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 07:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-26 00:19:28 1205840]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-06-26 19:21:54 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 20:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 18:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-13 21:08 1271032 E:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 E:\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-25 16:10 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-16 16:51 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 09:12]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 22:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 22:47]

.
- - - - ORPHANS REMOVED - - - -

BHO-{080F091E-1FD0-42AD-BEAC-CFFDD3F3EFA2} - C:\WINDOWS\system32\byXQIaYS.dll
BHO-{9A0F9C67-DCC9-4E5F-AA21-65291D464474} - C:\WINDOWS\system32\ljJDsQJD.dll
Toolbar-{D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\WINDOWS\nqgpedlr.dll
HKLM-Run-DelayLoad - C:\DOCUME~1\pc\LOCALS~1\Temp\atmadm2.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-07 17:12:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\yqflguyl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-07 17:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 15:16:53

Pre-Run: 15,204,429,824 bytes free
Post-Run: 15,144,570,880 bytes free

263 --- E O F --- 2008-06-26 13:49:45

Evo to je to.Inace Combo mi je restartovao PC i isto je ponasanje...

Dopuna: 07 Jul 2008 17:35

Doktore pomagaj ubice me deca,Sj...ao sam im PC po treci put...

Dopuna: 07 Jul 2008 17:49

Doco, jel jos da cekam il mogu dole do dragstora na hladno vopi,a?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Idi na pivo, posto i ja moram do radnje da nesto pojedem. Pa se cujemo u toku veceri.....

Dopuna: 07 Jul 2008 19:28

Ponovo iskljuci antivirus kako sam ti malo pre rekao i uradi sledece:

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\kgqfweltpen.dll
C:\WINDOWS\system32\RichVideoCodec.dll
C:\WINDOWS\system32\yqflguyl.dll
C:\WINDOWS\system32\byXQIaYS.dll_old
C:\WINDOWS\system32\cdqjcqge.dll
C:\WINDOWS\kgqfweltpen.dll
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\mrvtdpqe.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB40FCB-2340-4B4D-984D-C7A68DFD0244}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7431cb23"=-



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Doco, sve sam odradio do CFScript-a na Desktopu.Medjutim ne mogu da nadjem C ombo Fix , jednostavno ga nema u racunaru. Sta da radim?

Dopuna: 07 Jul 2008 22:15

Da li da ponovo skinem Combo Fix?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

ComboFix ti se nalazi na Desktopu, u folderu Toma1.
Receno je gore da ga skines na desktop, ne u poseban folder. Ne bi doslo do zabune da si doslovno pratio nasa uputstva.

offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Da ali tog foldera vise nema a ja ga nisam brisao?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini onda ponovo. Mozda ga je neko drugi, ko jos radi na tom kompu, obrisao.

Ko je trenutno na forumu
 

Ukupno su 981 korisnika na forumu :: 65 registrovanih, 12 sakrivenih i 904 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Alibaba1981, anbeast, aramis s, arzak, awathorn, babaroga, Ben Roj, Bobrock1, Boris Bosiljčić, Boris90, brundo65, cemix, Cobi026, DejanSt, dekan.m, Ehinacea, elenemste, fijesta7, francis begbie, Frunze, GandorCC, gmlale, gomago, goran.vvv, haris1913, ILGromovnik, ivica976, Jester, kaptain, krlebgd77, kunktator, ladro, ljubomir80, Lord Nem, Markoni29, mercedesamg, Mimikrija, Mixelotti, mkukoleca, nemkea71, oganj123, pedja2506, pein, pericanet, prashinar, RiV, RJ, rkekoke, robert1979, Rocker, Sirius, srecko81, Srky Boy, stagezin, stalja, Toni, trajkoni018, Van, Vlada1389, VladaNS1978, vobo, vukdra, yrraf, zillbg, |_MeD_|