Please help

  • Joined: 23 Mar 2008
  • Posts: 51

When I dragged that over, ComboFix started scanning, and then something appeared and it vanished from the screen. I managed to capture that with Print Screen.

Addendum: 18 Jul 2008 17:54

What should I do?

Addendum: 18 Jul 2008 18:02

Also, the NOD Control Center icon is red even though I turned on File system monitor (AMON) enabled.

Addendum: 18 Jul 2008 18:40

Here is the new log:
ComboFix 08-07-17.4 - Semenka 2008-07-18 18:10:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.14 [GMT 2:00]
Running from: C:\Documents and Settings\Semenka\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Semenka\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SearchInOneStep
C:\Program Files\SearchInOneStep\home.js
C:\Program Files\SearchInOneStep\searchin1.dll
C:\Program Files\SearchInOneStep\searchin1.exe
C:\Program Files\SearchInOneStep\si1opt.exe
C:\Program Files\SearchInOneStep\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEARCHINONESTEP_SERVICE
-------\Service_SearchInOneStep Service


((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2021-04-18 22:01 . 2007-07-22 13:05 <DIR> d-------- C:\Program Files\Eset
2021-04-18 22:01 . 2021-04-18 22:00 245,760 --a------ C:\WINDOWS\system32\imon.dll
2021-04-18 22:01 . 2021-04-18 22:00 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2008-07-17 19:29 . 2008-07-17 19:51 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\NCH Swift Sound
2008-07-15 18:53 . 2008-07-15 19:02 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\ICQ
2008-07-15 18:51 . 2008-07-15 19:02 <DIR> d-------- C:\Program Files\ICQ6
2008-07-13 10:39 . 2008-07-13 10:39 <DIR> d-------- C:\WINDOWS\Logs
2008-07-09 16:39 . 2008-07-09 16:40 20,032,046 --a------ C:\Sweden.avi
2008-07-09 00:26 . 2008-07-09 00:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 11:08 . 2008-07-08 11:08 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\Media Player Classic
2008-07-07 00:45 . 2008-07-16 19:49 <DIR> d-------- C:\Program Files\Call Alert
2008-07-06 11:54 . 2004-11-28 21:09 679,936 --a------ C:\WINDOWS\system\xvidcore.dll
2008-07-04 21:20 . 2001-04-01 17:24 218,112 --a------ C:\WINDOWS\system32\CALLERID.OCX
2008-07-04 21:20 . 2000-03-09 10:46 21,504 --a------ C:\WINDOWS\system32\FT.OCX
2008-07-04 21:12 . 2008-07-04 21:12 274,432 --------- C:\WINDOWS\Setup1.exe
2008-07-04 21:12 . 2008-07-04 21:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-04 20:24 . 2002-04-07 22:14 724,992 --a------ C:\WINDOWS\system32\ebCrypt.dll
2008-07-04 20:24 . 2004-07-23 12:05 532,480 --a------ C:\WINDOWS\system32\vsflex8l.ocx
2008-07-04 20:24 . 2003-05-15 12:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-07-04 20:24 . 2000-05-30 21:29 106,496 --a------ C:\WINDOWS\system32\TrayIcn6.ocx
2008-07-04 20:24 . 1998-06-24 00:00 103,744 --a------ C:\WINDOWS\system32\MSCOMM32.OCX
2008-07-04 20:24 . 2003-07-28 22:31 28,672 --a------ C:\WINDOWS\system32\VbLear.dll
2008-07-04 20:24 . 2003-07-26 16:22 4,720 --a------ C:\WINDOWS\system32\Vb201.vxd
2008-07-04 20:10 . 2008-07-04 20:10 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-04 19:55 . 2008-07-04 20:12 <DIR> d-------- C:\Program Files\acc
2008-07-04 19:06 . 2008-07-04 19:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-25 16:06 . 2008-06-25 16:06 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-06-21 06:41 . 2008-06-21 06:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-21 06:41 . 2008-06-21 06:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 13:05 . 2008-06-21 06:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2021-04-18 20:00 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-18 16:15 --------- d-----w C:\Documents and Settings\Semenka\Application Data\Skype
2008-07-18 14:42 --------- d-----w C:\Documents and Settings\Semenka\Application Data\skypePM
2008-07-17 17:03 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-07-17 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:00 --------- d-----w C:\Program Files\Macromedia
2008-07-15 16:59 --------- d-----w C:\Program Files\ICQLite
2008-07-10 15:02 --------- d-----w C:\Program Files\JDVoiceMail
2008-07-09 06:52 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-08 22:27 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 14:11 57,632 ----a-w C:\StiImg.dat
2008-06-28 17:37 --------- d-----w C:\Program Files\Java
2008-06-28 17:33 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-28 17:32 --------- d-----w C:\Documents and Settings\Semenka\Application Data\Corel
2008-06-20 11:28 --------- d-----w C:\Program Files\Corel
2008-06-20 06:49 --------- d-----w C:\Program Files\FlashGet
2008-06-05 21:58 --------- d-----w C:\Documents and Settings\Semenka\Application Data\JAlbum
2008-06-05 21:54 --------- d-----w C:\Program Files\JalbumWin
2008-05-22 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-22 19:34 --------- d-----w C:\Program Files\Common Files\Real
2008-05-22 19:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 18:40 --------- d-----w C:\Documents and Settings\Semenka\Application Data\InstallShield
2008-05-22 17:57 --------- d-----w C:\Program Files\Common Files\Nikon
2008-05-22 17:54 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-22 15:20 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-03 15:54 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-08 17:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-10 23:03 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-04-19 23:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-04-18 19:54 56 --sh--r C:\WINDOWS\system32\FB1B3CBE4A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-17_23.31.27.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57 94208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 23:16 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2021-04-18 22:00 847872]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-22 00:41 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-18 21:55 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 03:07 208896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-18 21:55 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-18 18:23:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-18 18:36:11 - machine was rebooted [Semenka]
ComboFix-quarantined-files.txt 2008-07-18 16:36:00
ComboFix2.txt 2008-07-17 21:32:55

Pre-Run: 4,576,428,032 bytes free
Post-Run: 4,530,376,704 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks OK now.

What is the current state?

  • Joined: 23 Mar 2008
  • Posts: 51

It seems to be OK now, we will see over the next few days. But tell me what to do with NOD, because it is red, or do you have a suggestion for some other antivirus system?

Thanks

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
