problem

  • Joined: 24 Jan 2009
  • Posts: 87

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:12 PM, on 7/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Milos\Policies\catsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milos\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.divx.com/postinstall/win/en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Milos\Policies\catsrv.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Milos\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9547 bytes


I have a problem: my computer is a bit sluggish, and a somewhat bigger problem is that Microsoft Office doesn't work, i.e. it shows me a message that I don't have enough memory and that it can't start. Even though I have about 60 GB free on the hard drive and 2 GB of RAM.
Thanks in advance

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.



Unpack the archive into a folder (instructions), then:
double-click to run the program and switch to the Log tab;
tick all eight items and click Create log;
after some time a prompt will appear in which you should select Scan root drive only and click Start;
when the scan finishes, a notification will appear; close it by clicking OK;
the report (log) will be saved in the same folder as the program itself.

Attach the created report to your post using the Attach file (Prikači fajl) option.

  • Joined: 24 Jan 2009
  • Posts: 87

mycity.rs/must-login.png

  • Joined: 04 Jan 2009
  • Posts: 2168

Let's move on...

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the program download is finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
present a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message text box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the post.

  • Joined: 24 Jan 2009
  • Posts: 87

Written: 01 Aug 2009 22:25

ComboFix 09-07-31.04 - Milos 08/01/2009 22:17.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1534 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milos\Desktop\Secret Service.lnk
c:\windows\Installer\2bed7b.msi
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 04:35 . 2009-08-01 04:35 -------- d-----w- c:\documents and settings\Milos\Application Data\Leadertech
2009-08-01 04:30 . 2009-08-01 04:30 -------- d-----w- c:\program files\EA Sports
2009-08-01 04:29 . 2009-08-01 04:30 -------- d-----w- c:\windows\LastGood
2009-07-31 16:00 . 2009-07-31 16:01 -------- d-----w- C:\Buziol Games
2009-07-31 14:33 . 2009-07-31 14:33 -------- d-----w- c:\documents and settings\Milos\Application Data\CyberLink
2009-07-31 09:48 . 2009-07-31 11:40 -------- d-----w- c:\program files\ApexDC++
2009-07-31 08:24 . 2009-07-31 08:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-31 08:17 . 2009-07-31 08:17 -------- d-----w- c:\documents and settings\Milos\WINDOWS
2009-07-30 20:57 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-30 20:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-30 20:51 . 2009-07-30 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 20:51 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-30 20:51 . 2009-07-30 20:51 -------- d-----w- c:\program files\Lavasoft
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\documents and settings\Milos\Application Data\Desktopicon
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\program files\Unlocker
2009-07-30 09:45 . 2009-07-30 09:45 -------- d-sh--w- c:\windows\ftpcache
2009-07-30 09:42 . 2009-07-30 09:42 -------- d-----w- c:\program files\Activision Value
2009-07-30 08:20 . 2009-07-30 08:20 -------- d-----w- c:\documents and settings\Milos\Application Data\BlackBean
2009-07-30 07:22 . 2009-07-30 07:22 -------- d-----w- c:\windows\Cache
2009-07-30 07:15 . 2009-07-30 07:15 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\HP
2009-07-29 20:49 . 2009-07-29 20:49 -------- d-----w- c:\program files\Jufsoft
2009-07-28 14:15 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
2009-07-28 14:15 . 2009-05-18 09:00 131072 ----a-w- c:\windows\system32\smdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 15:39 . 2002-01-02 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 08:35 . 2002-01-03 18:22 -------- d-----w- c:\program files\KONAMI
2009-07-30 20:51 . 2002-01-02 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-30 20:51 . 2002-01-02 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 20:24 . 2002-01-03 00:32 -------- d-----w- c:\program files\UBISOFT
2009-07-30 09:54 . 2002-01-02 21:29 -------- d-----w- c:\program files\mIRC
2009-07-29 21:07 . 2002-01-02 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-13 12:36 . 2002-01-02 20:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2002-01-02 20:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 15:10 . 2002-01-02 15:06 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-07-02 17:11 . 2002-01-02 15:06 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2009-06-26 12:37 . 2002-01-02 15:06 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-06-24 08:43 . 2002-01-02 15:06 831488 ----a-r- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2002-01-02 15:06 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-02 16:11 . 2002-01-02 21:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2002-01-02 21:44 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2002-01-02 21:44 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-18 09:00 . 2009-07-28 14:14 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-18 09:00 . 2009-07-28 14:14 1798144 ----a-w- c:\windows\system32\msicpl.dll
2009-05-18 09:00 . 2009-07-28 14:14 130048 ----a-w- c:\windows\system32\MadCHook.dll
2009-05-18 09:00 . 2009-07-28 14:14 32768 ----a-w- c:\windows\system32\Auxiliary.dll
2009-07-15 20:30 . 2002-01-02 17:01 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-02 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"catsrv"="c:\documents and settings\Milos\Policies\catsrv.exe" [2007-04-09 626176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2002-01-02 148888]
"catsrv"="c:\documents and settings\Milos\Policies\catsrv.exe" [2007-04-09 626176]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-02 18665472]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Milos\\Policies\\catsrv.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/30/2009 10:52 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/2/2002 5:19 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2002 5:19 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/3/2002 1:34 AM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/2/2002 10:18 PM 604416]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2002 5:06 PM 1684736]
S3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]

--- Other Services/Drivers In Memory ---

*Deregistered* - SysProtDrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003Core.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003UA.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\fyuod080.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-01 22:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-01 22:20
ComboFix-quarantined-files.txt 2009-08-01 20:20

Pre-Run: 62,275,203,072 bytes free
Post-Run: 62,252,085,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

214

Update: 02 Aug 2009 15:24

I noticed my computer is a bit faster now. That should be it, or...?

  • Joined: 04 Jan 2009
  • Posts: 2168

We're not done yet.

Open Notepad and copy the following text:

File::
c:\Documents and Settings\Milos\Policies\catsrv.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"catsrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"catsrv"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Milos\\Policies\\catsrv.exe"=-

DirLook::
c:\documents and settings\Milos\WINDOWS


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

  • Joined: 24 Jan 2009
  • Posts: 87

Sorry I'm late, I wasn't home, here it is:



ComboFix 09-08-09.04 - Milos 08/10/2009 8:42.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1549 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milos\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090809-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Milos\Policies\catsrv.exe"
.

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 06:11 . 2009-08-10 06:11 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-10 06:11 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-10 06:11 . 2009-08-10 06:11 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-10 06:10 . 2009-08-10 06:10 -------- d-----w- c:\windows\LastGood
2009-08-02 15:48 . 2009-08-02 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby
2009-08-02 15:47 . 2009-08-02 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-08-02 15:46 . 2009-08-02 15:51 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\Digsby
2009-08-02 15:46 . 2009-08-02 15:48 -------- d-----w- c:\documents and settings\Milos\Application Data\Digsby
2009-08-02 15:03 . 2009-08-02 15:03 -------- d-----w- c:\program files\Reshade
2009-08-02 14:54 . 2009-08-02 14:54 -------- d-----w- c:\program files\Pravoslavac
2009-08-02 14:47 . 2009-08-02 14:47 -------- d-----w- c:\program files\DiskTrix
2009-08-02 14:39 . 2009-08-02 14:39 -------- d-----w- c:\documents and settings\Milos\Application Data\Recordpad
2009-08-02 11:04 . 2009-08-02 11:04 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\Help
2009-08-02 10:49 . 2009-08-02 10:49 -------- d-----w- c:\windows\SHELLNEW
2009-08-02 10:34 . 2009-08-07 19:12 1 ----a-w- c:\documents and settings\Milos\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-02 10:34 . 2009-08-02 10:34 -------- d-----w- c:\documents and settings\Milos\Application Data\OpenOffice.org
2009-08-02 10:31 . 2009-08-02 10:32 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-02 08:17 . 2009-08-02 14:42 -------- d-----w- c:\documents and settings\Milos\Application Data\Spyware Terminator
2009-08-02 08:17 . 2009-08-02 08:17 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-02 08:17 . 2009-08-02 08:17 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-02 08:17 . 2009-08-02 08:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-02 08:17 . 2009-08-02 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-02 08:17 . 2009-08-02 08:20 -------- d-----w- c:\program files\Spyware Terminator
2009-08-02 08:10 . 2004-03-22 20:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-08-01 21:57 . 2009-08-06 20:56 -------- d-----w- c:\program files\AskBarDis
2009-08-01 21:41 . 2009-08-01 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2009-08-01 21:30 . 2009-08-01 21:30 -------- d-----w- c:\program files\Idoru
2009-08-01 04:35 . 2009-08-01 04:35 -------- d-----w- c:\documents and settings\Milos\Application Data\Leadertech
2009-08-01 04:30 . 2009-08-01 04:30 -------- d-----w- c:\program files\EA Sports
2009-07-31 14:33 . 2009-07-31 14:33 -------- d-----w- c:\documents and settings\Milos\Application Data\CyberLink
2009-07-31 09:48 . 2009-07-31 11:40 -------- d-----w- c:\program files\ApexDC++
2009-07-31 08:24 . 2009-07-31 08:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-31 08:17 . 2009-07-31 08:17 -------- d-----w- c:\documents and settings\Milos\WINDOWS
2009-07-30 20:57 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-30 20:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-30 20:51 . 2009-07-30 20:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 20:51 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-30 20:51 . 2009-07-30 20:51 -------- d-----w- c:\program files\Lavasoft
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\documents and settings\Milos\Application Data\Desktopicon
2009-07-30 17:36 . 2009-07-30 17:36 -------- d-----w- c:\program files\Unlocker
2009-07-30 09:45 . 2009-07-30 09:45 -------- d-sh--w- c:\windows\ftpcache
2009-07-30 08:20 . 2009-07-30 08:20 -------- d-----w- c:\documents and settings\Milos\Application Data\BlackBean
2009-07-30 07:22 . 2009-07-30 07:22 -------- d-----w- c:\windows\Cache
2009-07-30 07:15 . 2009-07-30 07:15 -------- d-----w- c:\documents and settings\Milos\Local Settings\Application Data\HP
2009-07-29 20:49 . 2009-07-29 20:49 -------- d-----w- c:\program files\Jufsoft
2009-07-28 14:15 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
2009-07-28 14:15 . 2009-05-18 09:00 131072 ----a-w- c:\windows\system32\smdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 06:11 . 2002-01-02 20:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-06 09:17 . 2002-01-02 15:06 72168 ----a-w- c:\documents and settings\Milos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-02 14:39 . 2002-01-02 20:15 -------- d-----w- c:\documents and settings\Milos\Application Data\NCH Swift Sound
2009-08-02 13:45 . 2002-01-02 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-02 08:19 . 2002-01-02 15:38 -------- d-----w- c:\program files\MV2 Player
2009-08-02 07:29 . 2002-01-02 15:16 -------- d-----w- c:\program files\MSBuild
2009-08-01 23:01 . 2002-01-02 15:17 -------- d-----w- c:\program files\Microsoft Works
2009-08-01 22:02 . 2002-01-02 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 08:35 . 2002-01-03 18:22 -------- d-----w- c:\program files\KONAMI
2009-07-30 20:51 . 2002-01-02 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-30 20:51 . 2002-01-02 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 20:24 . 2002-01-03 00:32 -------- d-----w- c:\program files\UBISOFT
2009-07-30 09:54 . 2002-01-02 21:29 -------- d-----w- c:\program files\mIRC
2009-07-29 21:07 . 2002-01-02 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-13 12:36 . 2002-01-02 20:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 12:36 . 2002-01-02 20:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 15:10 . 2002-01-02 15:06 5788672 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-07-02 17:11 . 2002-01-02 15:06 18665472 ----a-w- c:\windows\RTHDCPL.EXE
2009-06-26 12:37 . 2002-01-02 15:06 40960 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-06-24 08:43 . 2002-01-02 15:06 831488 ----a-r- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2002-01-02 15:06 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-02 16:11 . 2002-01-02 21:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2002-01-02 21:44 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2002-01-02 21:44 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-18 09:00 . 2009-07-28 14:14 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-18 09:00 . 2009-07-28 14:14 1798144 ----a-w- c:\windows\system32\msicpl.dll
2009-05-18 09:00 . 2009-07-28 14:14 130048 ----a-w- c:\windows\system32\MadCHook.dll
2009-05-18 09:00 . 2009-07-28 14:14 32768 ----a-w- c:\windows\system32\Auxiliary.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Milos\WINDOWS ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-15 10:59 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2002-01-02 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-02 18665472]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Milos^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Milos\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Milos^Start Menu^Programs^Startup^Pravoslavac 2008.lnk]
path=c:\documents and settings\Milos\Start Menu\Programs\Startup\Pravoslavac 2008.lnk
backup=c:\windows\pss\Pravoslavac 2008.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/30/2009 10:52 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/2/2002 5:19 PM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2009 10:17 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2002 5:19 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/3/2002 1:34 AM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/10/2009 8:11 AM 604488]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2002 5:06 PM 1684736]
S3 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - TUNEUP.PROGRAMSTATISTICSSVC
*NewlyCreated* - UXTUNEUP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003Core.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-329068152-839522115-1003UA.job
- c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-02 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\fyuod080.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101810&l=dis
FF - plugin: c:\documents and settings\Milos\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 08:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-10 8:44
ComboFix-quarantined-files.txt 2009-08-10 06:44
ComboFix2.txt 2009-08-10 06:37
ComboFix3.txt 2009-08-01 20:20

Pre-Run: 61,140,901,888 bytes free
Post-Run: 61,122,555,904 bytes free


offline
  • Joined: 04 Jan 2009
  • Posts: 2168

This now looks OK, there are no more traces of malware.

All that is left is to remove ComboFix.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

then click OK (or press Enter).

Wait for the uninstallation process to finish.
