Problems with viruses


offline
  • Joined: 15 Mar 2008
  • Posts: 16

avast found a whole bunch of all sorts of things and deleted them. Please check the log and help me clean the computer. Thanks.



Logfile of HijackThis v1.99.1
Scan saved at 19:21:09, on 19.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Ivana\Desktop\za nesto\tre.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AB9DDEE-068D-48AF-ABA7-68B1CAFC33B6} - C:\WINDOWS\system32\yayyWNeC.dll (file missing)
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [ace34600] rundll32.exe "C:\WINDOWS\system32\kyvayvvb.dll",b
O4 - HKLM\..\Run: [BMafd0759c] Rundll32.exe "C:\WINDOWS\system32\xdjdaivs.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ivana\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - D:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - D:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: ljJAPGVp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



Temporarily disable Spybot S&D's TeaTimer


Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Uncheck Resident Tea-Timer
Close Spybot S&D
Restart the computer.

Don't forget to re-enable these options when we finish cleaning.



-------------------------------------------------------------------------------------



Run HijackThis, scan, and check the following lines:

O2 - BHO: (no name) - {5AB9DDEE-068D-48AF-ABA7-68B1CAFC33B6} - C:\WINDOWS\system32\yayyWNeC.dll (file missing)
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
O4 - HKLM\..\Run: [ace34600] rundll32.exe "C:\WINDOWS\system32\kyvayvvb.dll",b
O4 - HKLM\..\Run: [BMafd0759c] Rundll32.exe "C:\WINDOWS\system32\xdjdaivs.dll",s
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ivana\Local Settings\Application Data\smss.exe"
O20 - Winlogon Notify: ljJAPGVp - C:\WINDOWS\


Click Fix checked.


-------------------------------------------------------------------------------------


Restart the computer.

Enable the display of hidden files: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html


Look for the following files and, if they exist, delete them:

C:\WINDOWS\system32\kyvayvvb.dll
C:\WINDOWS\system32\xdjdaivs.dll
C:\Documents and Settings\Ivana\Local Settings\Application Data\smss.exe




Finally, post a fresh HijackThis logfile and say whether there are any problems.

offline
  • Joined: 15 Mar 2008
  • Posts: 16

I did as instructed. During system startup avast reported
C:\WINDOWS\system32\kyvayvvb.dll and deleted it. I didn't find the other hidden ones. Everything is still quite sluggish. I named HijackThis tre.exe and now it says tre.exe.exe. Does it have to be like that?
Here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 20:56:43, on 19.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Ivana\Desktop\za nesto\tre.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Techno.FM - English Toolbar - {e711b376-050e-4f6c-88c4-1c22f9c3f611} - C:\Program Files\Techno.FM_-_English\tbTec1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - D:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - D:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Addendum: 19 Jul 2008 21:46

I don't know if it's related, but earlier when I wanted to scan in safe mode, nothing happened when I pressed F8. Also, pressing Ctrl+Alt+Delete doesn't start Task Manager. The computer isn't mine, so I don't know whether it was set up that way or .......

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The last logfile is clean, but we'll check one more thing...


Right-click the avast! icon in the lower right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.




Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.
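
One way to check a follow-up HijackThis log against the entries selected for fixing earlier in this thread, as an added example that is not part of any post here. The function names are hypothetical, and the three sample texts are short excerpts constructed from the two logs and the fix list on this page.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, normalized body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse whitespace and case so copy/paste differences
            # (Rundll32.exe vs rundll32.exe) do not hide a match.
            body = " ".join(match.group("body").split()).lower()
            entries.add((match.group("code"), body))
    return entries


def check_fix(before_log, after_log, targeted_text):
    """Compare two logs against the list of entries selected for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targeted = parse_entries(targeted_text)
    gone = before - after
    return {
        "removed": sorted(targeted & gone),        # fixed as intended
        "remaining": sorted(targeted & after),     # survived or came back
        "never_present": sorted(targeted - before - after),  # list typo?
        "also_gone": sorted(gone - targeted),      # vanished, not in the list
        "new": sorted(after - before),             # appeared after the fix
    }


# Constructed excerpt of the first log posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {5AB9DDEE-068D-48AF-ABA7-68B1CAFC33B6} - C:\WINDOWS\system32\yayyWNeC.dll (file missing)
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ace34600] rundll32.exe "C:\WINDOWS\system32\kyvayvvb.dll",b
O4 - HKLM\..\Run: [BMafd0759c] Rundll32.exe "C:\WINDOWS\system32\xdjdaivs.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ivana\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: ljJAPGVp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed excerpt of the second log: the same slice after the fix.
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The six lines the helper asked to check before clicking "Fix checked".
TARGETED = r"""
O2 - BHO: (no name) - {5AB9DDEE-068D-48AF-ABA7-68B1CAFC33B6} - C:\WINDOWS\system32\yayyWNeC.dll (file missing)
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - (no file)
O4 - HKLM\..\Run: [ace34600] rundll32.exe "C:\WINDOWS\system32\kyvayvvb.dll",b
O4 - HKLM\..\Run: [BMafd0759c] Rundll32.exe "C:\WINDOWS\system32\xdjdaivs.dll",s
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Ivana\Local Settings\Application Data\smss.exe"
O20 - Winlogon Notify: ljJAPGVp - C:\WINDOWS\
"""

if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, TARGETED)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries that disappeared without being in the fix list are reported separately under `also_gone`, so each one can be accounted for rather than assumed harmless.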

offline
  • Joined: 15 Mar 2008
  • Posts: 16

I downloaded Combo; it scanned and restarted the computer. Then the Adobe installer and Messenger started, but Combo didn't produce a log.

Addendum: 19 Jul 2008 22:05

Here it is. After 10 minutes.
ComboFix 08-07-18.5 - Ivana 2008-07-19 21:51:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1579 [GMT 2:00]
Running from: C:\Documents and Settings\Ivana\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMafd0759c.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bvvyavyk.ini
C:\WINDOWS\system32\CeNWyyay.ini
C:\WINDOWS\system32\CeNWyyay.ini2
C:\WINDOWS\system32\dcswnqyh.ini
C:\WINDOWS\system32\dxmrqric.ini
C:\WINDOWS\system32\ehvfwaun.ini
C:\WINDOWS\system32\gelhfmnk.ini
C:\WINDOWS\system32\jkamdkwa.dll
C:\WINDOWS\system32\jxhccwpb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ntgfkmur.dll
C:\WINDOWS\system32\oqscipre.ini
C:\WINDOWS\system32\pkxkscia.ini
C:\WINDOWS\system32\shiyyhcd.ini
C:\WINDOWS\system32\unvkxqfl.ini
C:\WINDOWS\system32\uswjgerp.ini
C:\WINDOWS\system32\xacwrffj.ini
C:\WINDOWS\system32\xeuiydrn.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-19 21:36 . 2008-07-19 21:36 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-16 20:26 . 2008-07-16 20:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-16 18:48 . 2008-07-16 18:48 152 --a------ C:\WINDOWS\wininit.ini
2008-07-15 22:13 . 2008-07-16 20:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-14 13:38 . 2008-07-14 13:38 1,528,865 --ahs---- C:\WINDOWS\system32\bjhnivrd.tmp
2008-07-09 16:15 . 2008-07-09 16:15 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-03 17:39 . 2008-07-03 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-07-02 14:29 . 2008-07-09 12:40 <DIR> d-------- C:\Temp
2008-07-02 14:29 . 2008-07-02 14:29 <DIR> d-------- C:\Documents and Settings\Ivana\Application Data\Syntrillium
2008-07-02 14:27 . 2008-07-02 14:30 <DIR> d-------- C:\Program Files\coolpro2
2008-07-02 12:01 . 2008-07-02 12:01 1,713,525 --ahs---- C:\WINDOWS\system32\vgvkyntp.tmp
2008-07-02 12:01 . 2008-07-02 12:01 294 --ahs---- C:\WINDOWS\system32\jowcdkur.ini
2008-07-02 11:58 . 2008-07-16 18:33 110,462 --a------ C:\WINDOWS\BMafd0759c.xml
2008-07-01 23:52 . 2008-07-01 23:52 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-01 23:50 . 2008-07-01 23:50 <DIR> d-------- C:\Program Files\Outsim
2008-07-01 23:48 . 2008-07-01 23:51 <DIR> d-------- C:\Program Files\Image-Line
2008-07-01 23:47 . 2008-07-01 23:47 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-07-01 23:47 . 2008-07-01 23:47 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-07-01 22:45 . 2008-07-01 22:45 <DIR> d-------- C:\Program Files\Bonjour
2008-07-01 22:28 . 2008-07-01 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-01 22:19 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-01 22:19 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-01 22:09 . 2008-07-01 22:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-30 21:08 . 2008-07-16 20:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 21:08 . 2008-07-16 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 20:59 . 2008-06-30 20:59 1,652 --ah----- C:\aaw7boot.cmd
2008-06-30 20:27 . 2008-06-30 20:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-30 20:27 . 2008-06-30 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 18:23 . 2008-06-30 18:23 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 18:23 . 2008-06-30 18:23 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-06-27 15:55 . 2008-07-15 18:57 <DIR> d-------- C:\Documents and Settings\Ivana\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 16:55 --------- d-----w C:\Documents and Settings\Ivana\Application Data\uTorrent
2008-07-16 18:42 --------- d-----w C:\Documents and Settings\Ivana\Application Data\My Games
2008-07-14 10:33 --------- d-----w C:\Program Files\Techno.FM_-_English
2008-07-01 21:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-01 21:51 --------- d-----w C:\Program Files\VstPlugins
2008-07-01 20:24 --------- d-----w C:\Program Files\QuickTime
2008-06-30 18:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 10:01 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Microsoft Games
2008-06-22 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:57 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-15 21:57 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-15 21:56 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-15 18:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-15 18:06 22,328 ----a-w C:\Documents and Settings\Ivana\Application Data\PnkBstrK.sys
2008-06-14 11:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-13 17:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-08 13:38 --------- d-----w C:\Program Files\Common Files\DirectX
2008-06-07 21:24 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Ubisoft
2008-06-07 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-03 13:08 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Winamp
2008-05-24 22:19 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Samsung
2008-05-22 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-05-22 11:47 --------- d-----w C:\Program Files\ATI Technologies
2008-05-21 16:36 --------- d-----w C:\Documents and Settings\Ivana\Application Data\dvdcss
2008-05-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-05-20 17:28 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-03-19 13:55 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-04-16 00:25 1694208]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="d:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 12:08 16342528 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\igre\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12375:TCP"= 12375:TCP:BitCometBeta 12375 TCP
"12375:UDP"= 12375:UDP:BitCometBeta 12375 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 19:50:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-19 21:55:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-19 22:03:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 20:02:22

Pre-Run: 54,624,468,992 bytes free
Post-Run: 54,441,963,520 bytes free

185 --- E O F --- 2008-06-27 14:13:04

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:


File::
C:\WINDOWS\system32\bjhnivrd.tmp
C:\WINDOWS\system32\vgvkyntp.tmp
C:\WINDOWS\system32\jowcdkur.ini
C:\WINDOWS\BMafd0759c.xml



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.



-------------------------------------------------------------------------------------



After that...

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to put them into a text file. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

offline
  • Joined: 15 Mar 2008
  • Posts: 16

I will do this tomorrow, I can't now since the computer isn't mine. Thanks for the effort. See you tomorrow ...
Regards

Addendum: 20 Jul 2008 17:31

ComboFix 08-07-18.5 - Ivana 2008-07-20 17:24:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1508 [GMT 2:00]
Running from: C:\Documents and Settings\Ivana\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivana\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMafd0759c.xml
C:\WINDOWS\system32\bjhnivrd.tmp
C:\WINDOWS\system32\jowcdkur.ini
C:\WINDOWS\system32\vgvkyntp.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMafd0759c.xml
C:\WINDOWS\system32\bjhnivrd.tmp
C:\WINDOWS\system32\jowcdkur.ini
C:\WINDOWS\system32\vgvkyntp.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-19 21:36 . 2008-07-19 21:36 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-16 20:26 . 2008-07-16 20:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-16 18:48 . 2008-07-16 18:48 152 --a------ C:\WINDOWS\wininit.ini
2008-07-15 22:13 . 2008-07-16 20:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-09 16:15 . 2008-07-09 16:15 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-03 17:39 . 2008-07-03 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-07-02 14:29 . 2008-07-20 13:55 <DIR> d-------- C:\Temp
2008-07-02 14:29 . 2008-07-02 14:29 <DIR> d-------- C:\Documents and Settings\Ivana\Application Data\Syntrillium
2008-07-02 14:27 . 2008-07-02 14:30 <DIR> d-------- C:\Program Files\coolpro2
2008-07-01 23:52 . 2008-07-01 23:52 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-01 23:50 . 2008-07-01 23:50 <DIR> d-------- C:\Program Files\Outsim
2008-07-01 23:48 . 2008-07-01 23:51 <DIR> d-------- C:\Program Files\Image-Line
2008-07-01 23:47 . 2008-07-01 23:47 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-07-01 23:47 . 2008-07-01 23:47 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-07-01 22:45 . 2008-07-01 22:45 <DIR> d-------- C:\Program Files\Bonjour
2008-07-01 22:28 . 2008-07-01 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-01 22:19 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-01 22:19 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-01 22:09 . 2008-07-01 22:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-30 21:08 . 2008-07-16 20:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 21:08 . 2008-07-16 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 20:59 . 2008-06-30 20:59 1,652 --ah----- C:\aaw7boot.cmd
2008-06-30 20:27 . 2008-06-30 20:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-30 20:27 . 2008-06-30 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 18:23 . 2008-06-30 18:23 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-06-27 15:55 . 2008-07-15 18:57 <DIR> d-------- C:\Documents and Settings\Ivana\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 12:54 --------- d-----w C:\Documents and Settings\Ivana\Application Data\uTorrent
2008-07-16 18:42 --------- d-----w C:\Documents and Settings\Ivana\Application Data\My Games
2008-07-14 10:33 --------- d-----w C:\Program Files\Techno.FM_-_English
2008-07-01 21:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-01 21:51 --------- d-----w C:\Program Files\VstPlugins
2008-07-01 20:24 --------- d-----w C:\Program Files\QuickTime
2008-06-30 18:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 10:01 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Microsoft Games
2008-06-22 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 21:57 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-15 21:57 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-15 21:56 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-15 18:06 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-06-15 18:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-15 18:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-15 18:06 22,328 ----a-w C:\Documents and Settings\Ivana\Application Data\PnkBstrK.sys
2008-06-15 18:06 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-14 11:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-14 10:37 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-14 10:37 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-14 10:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-13 17:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-08 13:38 --------- d-----w C:\Program Files\Common Files\DirectX
2008-06-07 21:24 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Ubisoft
2008-06-07 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-03 13:08 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Winamp
2008-05-24 22:19 --------- d-----w C:\Documents and Settings\Ivana\Application Data\Samsung
2008-05-22 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-05-22 11:47 --------- d-----w C:\Program Files\ATI Technologies
2008-05-21 16:36 --------- d-----w C:\Documents and Settings\Ivana\Application Data\dvdcss
2008-05-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-05-20 17:28 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp1F7C.tmp
2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp1F7B.tmp
2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp10AD.tmp
2008-04-28 13:53 805,400 ----a-r C:\WINDOWS\system32\tmp10AC.tmp
2008-04-23 03:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-19 13:55 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat
2008-03-19 13:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-19_22.01.57.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 14:12:47 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-19 20:12:59 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-06-27 14:12:47 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-19 20:12:59 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-27 14:12:47 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-19 20:12:59 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-06-27 14:12:47 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-19 20:12:59 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-27 14:12:47 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-19 20:12:59 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-27 14:12:47 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-19 20:12:59 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-27 14:12:47 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-19 20:12:59 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-27 14:12:48 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-19 20:12:59 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-27 14:12:47 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-19 20:12:59 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-27 14:12:47 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-19 20:12:59 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-06-27 14:12:48 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-19 20:12:59 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-27 14:12:46 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-19 20:12:59 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-27 14:12:46 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-19 20:12:59 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2004-08-03 22:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:08 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:19:35 147,968 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:36:11 147,968 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-03 23:56:46 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:36:11 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 16:53:32 360,832 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:44:42 360,960 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-04-15 21:23:36 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:32:39 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-20 15:13:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-04-16 00:25 1694208]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="d:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 12:08 16342528 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\igre\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12375:TCP"= 12375:TCP:BitCometBeta 12375 TCP
"12375:UDP"= 12375:UDP:BitCometBeta 12375 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-20 12:50:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-20 17:26:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-20 17:27:33
ComboFix-quarantined-files.txt 2008-07-20 15:27:28
ComboFix2.txt 2008-07-19 20:03:30

Pre-Run: 54,617,620,480 bytes free
Post-Run: 55,080,882,176 bytes free

236 --- E O F --- 2008-07-20 12:56:42

Addendum: 20 Jul 2008 18:03

I ran a scan with gmer
I hope I did it right

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 15 Mar 2008
  • Posts: 16

And why can't I get into safe mode with the F8 key?
The computer is still dragging, i.e. the system starts up and shuts down slowly. How nicely I put that.
Thanks for the help
Regards

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Here's the thing...

There is no more malware here (i.e. there is nothing that any of the tools we use can show).

As for entering Safe Mode... What exactly is the problem?
Does Windows fail to start when you choose Safe Mode, or do you not even get the chance to choose to start in Safe Mode?

In principle, that is a question for the Windows (or Hardware) forum, and it is best to present the problem there (describe precisely what it is about).

As for speed... Disable some of the programs that start with Windows, delete temporary files and defragment the hard disk.
That should help at least a little.
