problem?

  • Joined: 27 Sep 2008
  • Posts: 5

In the last half hour my computer has slowed down drastically; nothing else is being reported. It all started after I installed a trial version of ABBYY FineReader which, to be honest, I have no idea where I got from. NOD doesn't get too worked up about any of this.

Here's my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:19, on 5.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\WINDOWS\system32\goe.exe
C:\Documents and Settings\Administrator\Desktop\virus\ja7.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [KRun] C:\Program Files\ENT\RunMe\RunMe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\WinampPortable\App\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [XLogUtil] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\XLogUtil.dll"
O4 - HKLM\..\RunOnce: [LDrtBurn] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\LDrtBurn.dll"
O4 - HKLM\..\RunOnce: [ulesmpeg] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\MPEG\ulesmpeg.ax"
O4 - HKLM\..\RunOnce: [LdrtDisc] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\LdrtDisc.dll"
O4 - HKLM\..\RunOnce: [uldsmpeg] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\MPEG\uldsmpeg.ax"
O4 - HKLM\..\RunOnce: [ulspmpeg] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\MPEG\ulspmpeg.ax"
O4 - HKLM\..\RunOnce: [uFileIO] Regsvr32.exe /s "C:\Program Files\Disney Magic Artist featuring Ulead DVD PictureShow\uFileIO.dll"
O4 - HKLM\..\RunOnce: [LdvdEng] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\LdvdEng.dll"
O4 - HKLM\..\RunOnce: [ULCDRDrv] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRDrv.dll"
O4 - HKLM\..\RunOnce: [XDiscLayer] Regsvr32.exe /s "C:\Program Files\Common Files\Ulead Systems\DVD\XDiscLayer.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PWSActivePrint_5] "C:\Program Files\Pocket Watch LLC\ActivePrint System\ActivePrintSystem.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\ENT\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\ENT\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\ENT\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\ENT\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Visual Task Tips] "C:\Program Files\ENT\VisualTaskTips\VisualTaskTips.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{58AD71D3-467F-493B-9B87-27F5C79A7EC6}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12565 bytes
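The log above is what the helper triages by eye. As an added example (not part of the thread, and not HijackThis code), this Python script applies the same first-pass checks to a constructed subset of those lines: processes running from user-writable folders, system32 binaries missing from a partial allowlist, autorun entries without a usable executable path, and services with an unknown owner and a missing file. The allowlist and the severities are assumptions for illustration.

```python
"""Triage heuristics for a HijackThis 2.x log (added example; not part of the thread)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the thread's HijackThis log, in the same line format.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\goe.exe
C:\Documents and Settings\Administrator\Desktop\virus\ja7.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# HijackThis line shapes: "O4 - <hive>: [<name>] <command>" and
# "O23 - Service: <description> (<service name>) - <owner> - <path>".
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?) - (?P<path>.*)$")
# First drive-letter path ending in an executable extension inside an autorun command.
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|bat|cmd))\b', re.IGNORECASE)

# Path fragments that an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
# Constructed, deliberately partial allowlist of XP binaries expected under system32.
# Anything absent is "unrecognised", which means "look at it", not "malicious".
KNOWN_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                  "svchost.exe", "spoolsv.exe", "cisvc.exe", "nvsvc32.exe"}


def parse_log(text):
    """Split a HijackThis log into running processes, O4 autoruns and O23 services."""
    processes, autoruns, services = [], [], []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            section = None          # a blank line ends the "Running processes:" block
            continue
        if line == "Running processes:":
            section = "proc"
            continue
        if section == "proc":
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())
    return processes, autoruns, services


def triage(text):
    """Return (severity, reason, evidence) tuples for entries an analyst should look at."""
    findings = []
    processes, autoruns, services = parse_log(text)
    for path in processes:
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            findings.append(("high", "process running from a user-writable location", path))
        elif "\\system32\\" in low and PureWindowsPath(low).name not in KNOWN_SYSTEM32:
            findings.append(("medium", "unrecognised binary in system32", path))
    for entry in autoruns:
        evidence = f"[{entry['name']}] {entry['cmd']}"
        m = EXE_RE.search(entry["cmd"])
        if m is None:
            findings.append(("medium", "autorun command has no recognisable executable path", evidence))
        elif any(marker in m.group("exe").lower() for marker in USER_WRITABLE):
            findings.append(("high", "autorun points into a user-writable location", evidence))
    for svc in services:
        if svc["owner"] == "Unknown owner" and "(file missing)" in svc["path"]:
            findings.append(("low", "service with unknown owner and missing binary", f"{svc['name']}: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for severity, reason, evidence in triage(SAMPLE_LOG):
        print(f"{severity:<6} {reason}: {evidence}")
```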



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

gucijan :: in the last half hour my computer has slowed down drastically

Well, that's already a serious problem. :P

Upload the following file: C:\WINDOWS\system32\goe.exe

via this link: [Link visible only to logged-in users]

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use Paste in Notepad to get that into a text file. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach here the two files we just saved.



  • Joined: 27 Sep 2008
  • Posts: 5

[Link visible only to logged-in users]

[Link visible only to logged-in users]

well, it is serious :D ...I did everything as recommended. the first scan took quite a while, I have a lot of small files on the disk....

regards

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Disabling TeaTimer:
Start Spybot - Search & Destroy
Click the Mode item in the menu
Select Advanced mode
In the bar on the left click Tools
Click Resident
Untick "Resident Tea-Timer" (Protection of over-all system settings) active.
Close Spybot - S&D and restart the computer.

- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.

Don't forget to turn these options back on when we finish the cleanup.


Disabling Windows Defender:
Start Windows Defender
Click Tools
Click General Settings
Click Real Time Protection Options
Untick Turn on Real Time Protection (recommended)
Click Save and close Windows Defender

Don't forget to turn this option back on when we finish the cleanup.


Start ESET Smart Security/ESET NOD32 as follows:
Start>All Programs>ESET>ESET Smart Security or ESET NOD32 Antivirus (if you use only the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes to the next question.

Note: Don't forget to turn this option back on after the cleanup is finished.




Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Joined: 27 Sep 2008
  • Posts: 5

here it is, I didn't even know that turning the "protection" off is harder than turning it on

ComboFix 09-05-04.A0 - Administrator 06.05.2009 17:38.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.504 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\1doc2pdf.dll
c:\windows\n.tmp
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-05 15:50 . 2009-05-05 15:50 -------- d-----w c:\program files\Common Files\ABBYY
2009-05-05 15:38 . 2008-05-16 03:51 -------- d-----w C:\FR90PE_VOL
2009-05-05 15:18 . 2008-06-30 21:04 -------- d-----w c:\temp\afr_www.(zabranjeno)rocker.net
2009-05-05 13:02 . 2009-05-05 13:02 32256 ----a-w c:\windows\system32\goe.exe
2009-05-05 13:02 . 2009-05-05 13:02 32256 ---h--w c:\documents and settings\Administrator\smw.exe
2009-05-05 11:00 . 2009-05-05 11:00 -------- d-----w c:\documents and settings\Administrator\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 15:44 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 17:46 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-05-04 17:35 . 2009-05-04 17:35 -------- d-----w c:\temp\KTS
2009-04-29 17:07 . 2009-04-29 17:07 -------- d-----w c:\program files\Western Digital Technologies
2009-04-29 15:59 . 2009-04-29 15:59 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-04-29 08:25 . 2009-04-29 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\CanonCP
2009-04-28 16:59 . 2009-04-28 16:59 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-26 21:29 . 2009-04-26 21:29 -------- d-----w c:\temp\CrashDumps
2009-04-26 21:27 . 2009-04-26 21:27 -------- d-----w c:\windows\ClearView plug-in activation
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w c:\windows\Echo Wave II
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w C:\Echo Images
2009-04-22 17:33 . 2009-04-22 17:33 -------- d-----w C:\crtani dvd 90
2009-04-22 08:41 . 2009-04-22 08:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-04-21 15:01 . 2009-04-21 15:01 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-14 20:23 . 2009-04-14 21:13 -------- d-----w c:\windows\SxsCaPendDel
2009-04-14 20:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:13 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-14 20:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:13 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 19:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 19:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 21:46 . 2009-04-13 21:47 -------- d-----w c:\windows\system32\ECGIII
2009-04-13 21:24 . 2009-04-13 21:28 -------- d-----w c:\temp\uz srca barcelona
2009-04-13 21:15 . 2009-04-13 21:15 -------- d-----w c:\temp\0491 Thrombosis
2009-04-13 21:14 . 2009-04-13 21:14 -------- d-----w c:\temp\0304 GryAna39
2009-04-11 21:23 . 2009-04-11 21:23 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-11 21:13 . 2009-04-11 21:13 -------- d-----w c:\documents and settings\Administrator\Application Data\ESET
2009-04-11 20:56 . 2009-04-11 20:56 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-11 20:50 . 2009-04-11 20:50 -------- d-----w c:\windows\ie8updates
2009-04-11 20:47 . 2009-04-11 20:48 -------- dc-h--w c:\windows\ie8
2009-04-11 20:44 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-11 20:00 . 2009-04-11 20:00 -------- d-----w c:\program files\Windows Defender
2009-04-06 20:43 . 2001-10-28 23:42 116224 ----a-w c:\windows\system32\pdfmonnt.dll
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\program files\8848Soft
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\windows\system32\psconv
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\program files\psconvert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 15:42 . 2008-07-20 22:10 -------- d-----w c:\program files\FlashGet
2009-05-05 22:13 . 2009-01-03 22:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 14:22 . 2008-09-27 18:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 08:51 . 2009-01-02 17:54 8456 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-26 22:00 . 2009-04-26 22:00 0 ----a-w C:\sys1335.tmp
2009-04-14 21:32 . 2009-03-28 09:11 566784 ----a-w c:\windows\~de74bc.tmp
2009-04-14 21:16 . 2008-07-21 13:40 107776 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 21:19 . 2008-09-27 13:42 -------- d-----w c:\program files\Java
2009-04-01 14:45 . 2009-04-01 14:45 -------- d-----w c:\program files\eRightSoft
2009-04-01 10:57 . 2009-04-01 10:57 -------- d-----w c:\program files\mkvtoavis
2009-03-29 10:15 . 2009-03-29 10:15 -------- d-----w c:\program files\Common Files\Autodata Limited Shared
2009-03-28 10:31 . 2009-03-28 10:31 565248 ----a-w c:\windows\uninstal.exe
2009-03-28 08:47 . 2009-01-28 22:07 249856 ------w c:\windows\Setup1.exe
2009-03-28 08:47 . 2009-01-28 22:07 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-27 09:16 . 2008-12-04 22:22 -------- d-----w c:\program files\Nokia
2009-03-27 07:41 . 2008-12-04 22:23 -------- d-----w c:\program files\Common Files\Nokia
2009-03-26 10:52 . 2008-09-21 21:49 35328 ----a-w c:\windows\system32\cygz.dll
2009-03-26 10:52 . 2008-09-21 21:49 35328 ----a-w c:\windows\cygz.dll
2009-03-26 10:52 . 2008-09-21 21:49 1126281 ----a-w c:\windows\system32\cygwin1.dll
2009-03-26 10:52 . 2008-09-21 21:49 1126281 ----a-w c:\windows\cygwin1.dll
2009-03-25 22:24 . 2009-03-25 22:24 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-25 22:23 . 2009-03-25 22:23 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-19 15:02 . 2009-03-19 15:02 -------- d-----w c:\program files\PowerISO
2009-03-17 09:43 . 2008-07-17 08:28 630784 ----a-w c:\windows\system32\Usgfw2.dll
2009-03-09 03:19 . 2009-02-20 22:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-05-06 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-05-06 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-05-06 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-05-06 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-05-06 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-05-06 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-05-06 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-05-06 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-05-06 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-05-06 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-05-06 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-27 09:13 . 2008-07-17 08:28 380928 ----a-w c:\windows\system32\Usgfw.dll
2009-02-09 12:10 . 2008-05-06 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-05-06 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-06 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-05-06 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 06:37 . 2009-03-27 07:44 7808 ----a-w c:\windows\system32\usbser_lowerfltj.sys
2009-02-09 06:37 . 2009-03-27 07:44 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-02-09 06:37 . 2009-03-27 07:44 7808 ----a-w c:\windows\system32\usbser_lowerflt.sys
2009-02-09 06:37 . 2008-12-04 22:22 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-02-09 06:37 . 2009-03-27 07:44 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-02-09 06:37 . 2009-03-27 07:44 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-02-09 06:32 . 2009-03-27 07:44 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-07 17:02 . 2008-04-13 23:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:24 . 2009-02-06 12:24 56280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 12:24 . 2009-02-06 12:24 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 12:24 . 2009-02-06 12:24 130952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 12:23 . 2009-02-06 12:23 106208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 . 2009-02-06 12:19 113448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-06 11:11 . 2008-05-06 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-05-06 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2008-05-05 20:14 . 2008-07-20 19:44 34048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2008-07-20 19:44 45056 ----a-w c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[-] 2008-02-29 14:28 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"PWSActivePrint_5"="c:\program files\Pocket Watch LLC\ActivePrint System\ActivePrintSystem.exe" [2007-11-23 312832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-18 4804608]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-09-26 237568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 405504]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"VX1000"="c:\windows\vVX1000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-25 77824]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-11-18 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-7-22 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pocket Watch LLC\\ActivePrint System\\ActivePrintSystem.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\goe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [22.7.2008 11:51 104344]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [15.8.2003 16:10 68480]
R3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [10.8.2008 15:49 15104]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [10.8.2008 17:50 9446]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [22.7.2008 11:51 69656]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [6.5.2008 14:00 3584]
S3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [25.3.2009 15:41 1013760]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [4.12.2008 23:19 177152]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{FFBE3C03-DF8C-4774-A1E5-455995A21427}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AnalogClock - c:\program files\ENT\Analog Clock\AnalogClock.exe
HKCU-Run-TopDesk - c:\program files\ENT\TopDesk\topdesk.exe
HKCU-Run-TrueTransparency - c:\program files\ENT\TrueTransparency\TrueTransparency.exe
HKCU-Run-UberIcon - c:\program files\ENT\UberIcon\UberIcon Manager.exe
HKCU-Run-Visual Task Tips - c:\program files\ENT\VisualTaskTips\VisualTaskTips.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-KRun - c:\program files\ENT\RunMe\RunMe.exe
HKLM-Run-Remote - c:\program files\TVR\Remote.exe
HKLM-Run-RecSche - c:\program files\TVR\RecSche.exe
HKLM-Run-WinampAgent - c:\program files\WinampPortable\App\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - [Link visible only to logged-in users]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7avlwnf1.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-05-06 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Remote = c:\program files\TVR\Remote.exe??????????????????????????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????????????????????????????????
???????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1788223648-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,01,06,38,22,10,ec,41,97,16,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,01,06,38,22,10,ec,41,97,16,a8,\
.
Completion time: 2009-05-06 17:45
ComboFix-quarantined-files.txt 2009-05-06 15:45

Pre-Run: 18.360.311.808 bytes free
Post-Run: 18.830.381.056 bytes free

290 --- E O F --- 2009-05-05 00:12

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\goe.exe
c:\documents and settings\Administrator\smw.exe

REGLOCK::
[HKEY_USERS\S-1-5-21-1202660629-1788223648-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\goe.exe"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
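The triage behind a script like the one above, as an added example that is not part of the thread and not ComboFix's own code: it reads the REGEDIT4-style sections of a ComboFix log (the embedded excerpt is constructed by copying lines from the log posted earlier), flags the firewall exception for an unknown binary in system32, the disabled firewall, the suppressed Security Center notifications, a remote-access port open to every address, and the key that denies Administrator access, and then drafts the File::, REGLOCK:: and Registry:: sections in the form ComboFix reads. The allow-list of Windows components, the system-directory list and the port list are assumptions made for the example; the `=-` deletion syntax is REGEDIT4's.

```python
"""Triage the registry sections of a ComboFix log and draft a CFScript.
Added example for this thread, not ComboFix code and not the helper's own tooling."""
import re
# Constructed excerpt: every line is copied from the log posted above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\goe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-1788223648-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"""

FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
AUTH_APPS_KEY = FIREWALL_KEY + r"\AuthorizedApplications\List"
OPEN_PORTS_KEY = FIREWALL_KEY + r"\GloballyOpenPorts\List"
KNOWN_SYSTEM_APPS = {"sessmgr.exe", "xpnetdiag.exe"}  # assumed allow-list of Windows components
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"%windir%\system32"}  # assumed
REMOTE_ADMIN_PORTS = {"3389": "RDP", "445": "SMB", "139": "NetBIOS", "135": "RPC"}  # assumed
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
SUBNET_RE = re.compile(r"\d+\.\d+\.\d+\.\d+/\d+\.\d+\.\d+\.\d+$")

def triage(log_text):
    """Walk the REGEDIT4-style sections of the log and collect findings."""
    f = {"firewall_disabled": False, "notify_disabled": [], "suspect_apps": [],
         "exposed_ports": [], "locked_keys": []}
    section, in_locked = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_locked = True
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif in_locked:
            # ComboFix prints "@Denied: ..." directly under a key it could not open.
            if line.startswith("@Denied") and section:
                f["locked_keys"].append(section)
        else:
            m = VALUE_RE.match(line)
            if m and section:
                _classify(f, section.lower(), m.group("name"), m.group("val").strip())
    return f

def _classify(f, key, name, val):
    if key.endswith("security center") and name.endswith("DisableNotify") and val == "dword:00000001":
        f["notify_disabled"].append(name)
    elif key == FIREWALL_KEY.lower() and name == "EnableFirewall":
        f["firewall_disabled"] = val.startswith("0")
    elif key == AUTH_APPS_KEY.lower():
        # REGEDIT4 doubles the backslashes inside quoted value names.
        folder, _, exe = name.replace("\\\\", "\\").lower().rpartition("\\")
        if folder in SYSTEM_DIRS and exe not in KNOWN_SYSTEM_APPS:
            f["suspect_apps"].append(name)
    elif key == OPEN_PORTS_KEY.lower():
        # XP stores port:proto:scope:...; only a subnet scope limits the exposure.
        fields = val.split(":")
        limited = len(fields) > 2 and SUBNET_RE.match(fields[2]) is not None
        if name.split(":")[0] in REMOTE_ADMIN_PORTS and not limited:
            f["exposed_ports"].append(name)

def build_cfscript(f, files=()):
    """Emit the File::, REGLOCK:: and Registry:: sections in the form ComboFix reads."""
    out = []
    if files:
        out += ["File::", *files, ""]
    if f["locked_keys"]:
        out += ["REGLOCK::", *("[%s]" % k for k in f["locked_keys"]), ""]
    if f["suspect_apps"]:
        # REGEDIT4 syntax: a value assigned "-" is deleted.
        out += ["Registry::", "[%s]" % AUTH_APPS_KEY,
                *('"%s"=-' % a for a in f["suspect_apps"]), ""]
    return "\n".join(out)

def summarize(f):
    """Plain-text lines for the findings no CFScript line can fix by itself."""
    lines = ["Windows Firewall is off for the standard profile"] if f["firewall_disabled"] else []
    lines += ["Security Center notification suppressed: " + n for n in f["notify_disabled"]]
    lines += ["firewall exception for unknown system binary: " + a for a in f["suspect_apps"]]
    lines += ["%s open to any address (%s)" % (p, REMOTE_ADMIN_PORTS[p.split(":")[0]])
              for p in f["exposed_ports"]]
    lines += ["key denies Administrator access: " + k for k in f["locked_keys"]]
    return lines

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(summarize(found)), "\n")
    print(build_cfscript(found, files=[r"c:\windows\system32\goe.exe"]))
```

What it emits is a draft for a person to read before it goes anywhere near ComboFix: the File:: paths still have to be supplied by hand, and the findings that no CFScript line can repair (firewall switched off, 3389/TCP with no subnet scope, Security Center alerts suppressed) come back from summarize() so the user can turn the firewall and the notifications back on afterwards.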

  • Joined: 27 Sep 2008
  • Posts: 5

here it is:

ComboFix 09-05-04.A0 - Administrator 06.05.2009 23:29.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.417 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Administrator\smw.exe
c:\windows\system32\goe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\smw.exe
c:\windows\system32\goe.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-05 15:50 . 2009-05-05 15:50 -------- d-----w c:\program files\Common Files\ABBYY
2009-05-05 15:38 . 2008-05-16 03:51 -------- d-----w C:\FR90PE_VOL
2009-05-05 15:18 . 2008-06-30 21:04 -------- d-----w c:\temp\afr_www.(zabranjeno)rocker.net
2009-05-05 11:00 . 2009-05-05 11:00 -------- d-----w c:\documents and settings\Administrator\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 15:44 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2009-05-05 10:51 . 2009-05-05 17:46 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-05-04 17:35 . 2009-05-04 17:35 -------- d-----w c:\temp\KTS
2009-04-29 17:07 . 2009-04-29 17:07 -------- d-----w c:\program files\Western Digital Technologies
2009-04-29 15:59 . 2009-04-29 15:59 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-04-29 08:25 . 2009-04-29 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\CanonCP
2009-04-28 16:59 . 2009-04-28 16:59 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-26 21:29 . 2009-04-26 21:29 -------- d-----w c:\temp\CrashDumps
2009-04-26 21:27 . 2009-04-26 21:27 -------- d-----w c:\windows\ClearView plug-in activation
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w c:\windows\Echo Wave II
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w C:\Echo Images
2009-04-22 17:33 . 2009-04-22 17:33 -------- d-----w C:\crtani dvd 90
2009-04-22 08:41 . 2009-04-22 08:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-04-21 15:01 . 2009-04-21 15:01 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-14 20:23 . 2009-04-14 21:13 -------- d-----w c:\windows\SxsCaPendDel
2009-04-14 20:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:13 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-14 20:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:13 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 19:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 19:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 21:46 . 2009-04-13 21:47 -------- d-----w c:\windows\system32\ECGIII
2009-04-13 21:24 . 2009-04-13 21:28 -------- d-----w c:\temp\uz srca barcelona
2009-04-13 21:15 . 2009-04-13 21:15 -------- d-----w c:\temp\0491 Thrombosis
2009-04-13 21:14 . 2009-04-13 21:14 -------- d-----w c:\temp\0304 GryAna39
2009-04-11 21:23 . 2009-04-11 21:23 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-11 21:13 . 2009-04-11 21:13 -------- d-----w c:\documents and settings\Administrator\Application Data\ESET
2009-04-11 20:56 . 2009-04-11 20:56 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-11 20:50 . 2009-04-11 20:50 -------- d-----w c:\windows\ie8updates
2009-04-11 20:47 . 2009-04-11 20:48 -------- dc-h--w c:\windows\ie8
2009-04-11 20:44 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-11 20:00 . 2009-04-11 20:00 -------- d-----w c:\program files\Windows Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 21:22 . 2008-07-20 22:10 -------- d-----w c:\program files\FlashGet
2009-05-05 22:13 . 2009-01-03 22:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 14:22 . 2008-09-27 18:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 08:51 . 2009-01-02 17:54 8456 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-26 22:00 . 2009-04-26 22:00 0 ----a-w C:\sys1335.tmp
2009-04-14 21:32 . 2009-03-28 09:11 566784 ----a-w c:\windows\~de74bc.tmp
2009-04-14 21:16 . 2008-07-21 13:40 107776 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 21:19 . 2008-09-27 13:42 -------- d-----w c:\program files\Java
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\program files\8848Soft
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\program files\psconvert
2009-04-01 14:45 . 2009-04-01 14:45 -------- d-----w c:\program files\eRightSoft
2009-04-01 10:57 . 2009-04-01 10:57 -------- d-----w c:\program files\mkvtoavis
2009-03-29 10:15 . 2009-03-29 10:15 -------- d-----w c:\program files\Common Files\Autodata Limited Shared
2009-03-28 10:31 . 2009-03-28 10:31 565248 ----a-w c:\windows\uninstal.exe
2009-03-28 08:47 . 2009-01-28 22:07 249856 ------w c:\windows\Setup1.exe
2009-03-28 08:47 . 2009-01-28 22:07 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-27 09:16 . 2008-12-04 22:22 -------- d-----w c:\program files\Nokia
2009-03-27 07:41 . 2008-12-04 22:23 -------- d-----w c:\program files\Common Files\Nokia
2009-03-26 10:52 . 2008-09-21 21:49 35328 ----a-w c:\windows\system32\cygz.dll
2009-03-26 10:52 . 2008-09-21 21:49 35328 ----a-w c:\windows\cygz.dll
2009-03-26 10:52 . 2008-09-21 21:49 1126281 ----a-w c:\windows\system32\cygwin1.dll
2009-03-26 10:52 . 2008-09-21 21:49 1126281 ----a-w c:\windows\cygwin1.dll
2009-03-25 22:24 . 2009-03-25 22:24 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-25 22:23 . 2009-03-25 22:23 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-19 15:02 . 2009-03-19 15:02 -------- d-----w c:\program files\PowerISO
2009-03-17 09:43 . 2008-07-17 08:28 630784 ----a-w c:\windows\system32\Usgfw2.dll
2009-03-09 03:19 . 2009-02-20 22:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-05-06 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-05-06 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-05-06 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-05-06 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-05-06 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-05-06 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-05-06 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-05-06 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-05-06 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-05-06 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-05-06 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-27 09:13 . 2008-07-17 08:28 380928 ----a-w c:\windows\system32\Usgfw.dll
2009-02-09 12:10 . 2008-05-06 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-05-06 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-05-06 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-05-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-05-06 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 06:37 . 2009-03-27 07:44 7808 ----a-w c:\windows\system32\usbser_lowerfltj.sys
2009-02-09 06:37 . 2009-03-27 07:44 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-02-09 06:37 . 2009-03-27 07:44 7808 ----a-w c:\windows\system32\usbser_lowerflt.sys
2009-02-09 06:37 . 2008-12-04 22:22 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-02-09 06:37 . 2009-03-27 07:44 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-02-09 06:37 . 2009-03-27 07:44 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-02-09 06:32 . 2009-03-27 07:44 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-07 17:02 . 2008-04-13 23:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:24 . 2009-02-06 12:24 56280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 12:24 . 2009-02-06 12:24 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 12:24 . 2009-02-06 12:24 130952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 12:23 . 2009-02-06 12:23 106208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 . 2009-02-06 12:19 113448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-06 11:11 . 2008-05-06 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-05-06 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-05-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2008-05-05 20:14 . 2008-07-20 19:44 34048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 . 2008-07-20 19:44 45056 ----a-w c:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

[-] 2008-02-29 14:28 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"PWSActivePrint_5"="c:\program files\Pocket Watch LLC\ActivePrint System\ActivePrintSystem.exe" [2007-11-23 312832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-18 4804608]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-09-26 237568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-05-22 405504]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"VX1000"="c:\windows\vVX1000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-25 77824]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-11-18 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-7-22 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pocket Watch LLC\\ActivePrint System\\ActivePrintSystem.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [22.7.2008 11:51 104344]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [15.8.2003 16:10 68480]
R3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [10.8.2008 15:49 15104]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [10.8.2008 17:50 9446]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [22.7.2008 11:51 69656]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [6.5.2008 14:00 3584]
S3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [25.3.2009 15:41 1013760]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [4.12.2008 23:19 177152]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{FFBE3C03-DF8C-4774-A1E5-455995A21427}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - [Link visible only to logged-in users]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7avlwnf1.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-05-06 23:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 2009-05-06 23:33
ComboFix-quarantined-files.txt 2009-05-06 21:33
ComboFix2.txt 2009-05-06 15:45

Pre-Run: 18.830.905.344 bytes free
Post-Run: 18.824.306.688 bytes free

268 --- E O F --- 2009-05-05 00:12

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks clean. Unless there is some specific problem, do the following:

Click START and then RUN.

In the text input line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

That should be all then.

  • Joined: 27 Sep 2008
  • Posts: 5

It seems to me too that everything is OK...

Thanks
Regards
