Problem with Generic Host for Win32 Services

  • Joined: 23 Mar 2008
  • Posts: 68

Hello,
I had this same problem before (I think it was last year). Now I have formatted the HDD and installed WIN XP SP2, and I have that virus again. After a while a window pops up saying Generic Host process for win32 services, with two buttons, Send Error Report and Don't Send. After that my internet connection drops, and to get back online I have to restart the computer.
Please help me as soon as possible, this virus is driving me crazy.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:27 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\RunDLL32.exe
J:\WINDOWS\system32\Rundll32.exe
J:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
J:\Program Files\Winamp\winamp.exe
J:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
J:\WINDOWS\system32\dwwin.exe
J:\Documents and Settings\DJ\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - J:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - J:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] J:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] J:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] J:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [kamsoft] J:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = J:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Download All with FlashGet - J:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - J:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - J:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CCAE6FD-0F64-47E6-94F5-0CF3111D88BF}: NameServer = 80.74.164.249,80.74.160.38
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 80.74.164.249 80.74.160.38
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 80.74.164.249 80.74.160.38
O17 - HKLM\System\CS3\Services\Tcpip\..\{2CCAE6FD-0F64-47E6-94F5-0CF3111D88BF}: NameServer = 80.74.164.249,80.74.160.38
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 80.74.164.249 80.74.160.38
O17 - HKLM\System\CS4\Services\Tcpip\..\{2CCAE6FD-0F64-47E6-94F5-0CF3111D88BF}: NameServer = 80.74.164.249,80.74.160.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 80.74.164.249 80.74.160.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3674 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 23 Mar 2008
  • Posts: 68

Here is the ComboFix log file:

ComboFix 08-09-05.02 - DJ 2008-09-07 13:24:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.732 [GMT 2:00]
Running from: J:\Documents and Settings\DJ\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\autorun.inf
J:\Program Files\SunPorn
J:\Program Files\SunPorn\unins000.dat
J:\Program Files\SunPorn\unins000.exe
J:\WINDOWS\system32\ckvo.exe
J:\WINDOWS\system32\ckvo0.dll
J:\WINDOWS\system32\drivers\msliksurserv.sys
J:\WINDOWS\system32\msliksurcredo.dll
J:\WINDOWS\system32\msliksurdns.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-06 22:00 . 2005-05-26 15:34 2,297,552 --a------ J:\WINDOWS\system32\d3dx9_26.dll
2008-09-06 21:56 . 2008-09-06 21:56 82,774 --a------ J:\WINDOWS\Uninstall Jade Empire.exe
2008-09-06 20:51 . 2007-07-19 18:14 3,727,720 --a------ J:\WINDOWS\system32\d3dx9_35.dll
2008-09-06 20:51 . 2007-04-04 18:53 81,768 --a------ J:\WINDOWS\system32\xinput1_3.dll
2008-09-06 20:03 . 2008-09-06 20:03 <DIR> d-------- J:\Program Files\EndlessOnline
2008-09-06 18:09 . 2008-09-06 18:09 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\skypePM
2008-09-06 18:09 . 2008-09-06 18:09 32 --a------ J:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-09-06 18:08 . 2008-09-06 19:47 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Program Files\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Program Files\Common Files\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Skype
2008-09-06 16:18 . 2008-09-06 16:44 <DIR> d-------- J:\Program Files\Client
2008-09-06 16:18 . 2008-09-06 16:18 249,856 --------- J:\WINDOWS\Setup1.exe
2008-09-06 16:18 . 2008-09-06 16:18 73,216 --a------ J:\WINDOWS\ST6UNST.EXE
2008-09-06 14:49 . 2008-09-06 14:49 <DIR> d-------- J:\Program Files\Winamp
2008-09-06 13:35 . 2008-09-06 13:35 <DIR> d-------- J:\WINDOWS\system32\Data
2008-09-06 13:34 . 2008-09-06 13:34 <DIR> d-------- J:\Program Files\Google
2008-09-06 13:05 . 2006-12-22 13:18 316,416 --a------ J:\WINDOWS\system32\unaddrv.x64.exe
2008-09-06 13:03 . 2008-09-06 13:03 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\InstallShield
2008-09-06 13:01 . 2008-09-06 13:01 <DIR> d-------- J:\Program Files\SAGEM
2008-09-06 12:55 . 2008-09-06 12:55 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\Thinstall
2008-09-06 12:34 . 2008-09-07 02:28 2,185 --a------ J:\WINDOWS\wincmd.ini
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\UC.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\RAR.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKUNZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\NOCLOSE.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\LHA.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\ARJ.PIF
2008-09-06 12:29 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvuide.exe
2008-09-06 12:29 . 2005-02-08 07:26 3,507 --a------ J:\WINDOWS\system32\nvide.nvu
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvusmb.exe
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvunrm.exe
2008-09-06 12:28 . 2004-12-16 10:28 3,596 --a------ J:\WINDOWS\system32\nvnrm.nvu
2008-09-06 12:28 . 2005-02-08 07:26 1,231 --a------ J:\WINDOWS\system32\nvsmb.nvu
2008-09-06 12:27 . 2002-01-02 18:01 716,502 --a------ J:\WINDOWS\system32\MS7160.bmp
2008-09-06 12:27 . 2002-01-02 18:11 254 --a------ J:\WINDOWS\system32\raidmgmt.ini
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft.NET
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft ActiveSync
2008-09-06 10:54 . 2003-06-18 17:31 17,920 --a------ J:\WINDOWS\system32\mdimon.dll
2008-09-06 10:54 . 2008-09-06 10:54 376 --a------ J:\WINDOWS\ODBC.INI
2008-09-06 10:53 . 2008-09-06 10:54 <DIR> d-------- J:\WINDOWS\SHELLNEW
2008-09-06 10:01 . 2007-06-28 18:43 123,602 --a------ J:\WINDOWS\system32\nvapps.nvb
2008-09-06 10:00 . 2003-02-21 14:42 348,160 -ra------ J:\WINDOWS\system32\msvcr71.dll
2008-09-06 10:00 . 2007-07-25 10:54 266,240 -ra------ J:\WINDOWS\system32\HookShield.dll
2008-09-06 10:00 . 2007-07-25 10:55 262,144 -ra------ J:\WINDOWS\system32\HookMAp.dll
2008-09-06 10:00 . 2006-04-29 05:36 208,896 -ra------ J:\WINDOWS\system32\WinSys2.exe
2008-09-06 10:00 . 2006-07-12 23:00 131,072 -ra------ J:\WINDOWS\system32\smdll.dll
2008-09-06 10:00 . 2007-05-28 17:13 130,048 -ra------ J:\WINDOWS\system32\MadCHook.dll
2008-09-06 10:00 . 2006-08-14 05:31 32,768 -ra------ J:\WINDOWS\system32\Auxiliary.dll
2008-09-06 02:13 . 2008-09-07 13:22 <DIR> d-------- J:\Program Files\FlashGet
2008-09-06 01:28 . 2008-09-06 01:28 <DIR> d-------- J:\Program Files\Opera
2008-09-06 01:26 . 2008-09-06 02:00 <DIR> d-------- J:\Program Files\Knight Empire
2008-09-06 01:25 . 2005-04-18 13:57 18,706,432 --------- J:\WINDOWS\system32\alsndmgr.cpl
2008-09-06 01:25 . 2005-04-18 14:31 9,324,032 --------- J:\WINDOWS\system32\RTLCPL.exe
2008-09-06 01:25 . 2005-04-19 04:40 2,317,504 --------- J:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-06 01:25 . 2005-02-03 09:13 294,912 --------- J:\WINDOWS\alcupd.exe
2008-09-06 01:25 . 2005-03-02 14:21 200,704 --------- J:\WINDOWS\alcrmv.exe
2008-09-06 01:25 . 2004-09-07 08:23 156,672 --------- J:\WINDOWS\system32\RtlCPAPI.dll
2008-09-06 01:25 . 2002-02-05 07:54 141,016 --------- J:\WINDOWS\system32\alsndmgr.wav
2008-09-06 01:25 . 2005-04-15 05:01 77,824 --------- J:\WINDOWS\soundman.exe
2008-09-06 01:25 . 2004-10-27 09:47 40,960 --------- J:\WINDOWS\system32\ChCfg.exe
2008-09-06 01:24 . 2005-03-01 10:49 192,512 --------- J:\WINDOWS\RtlExUpd.dll
2008-09-06 01:14 . 2008-09-06 01:14 0 --a------ J:\WINDOWS\msicpl.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 11:05 32 ----a-w J:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-05 23:25 --------- d--h--w J:\Program Files\InstallShield Installation Information
2008-09-05 23:24 --------- d-----w J:\Program Files\Common Files\InstallShield
2008-08-29 01:57 89,370 --sh--r J:\ph.com
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="J:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="J:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"SW20"="J:\WINDOWS\system32\sw20.exe" [2006-12-15 208896]
"SW24"="J:\WINDOWS\system32\sw24.exe" [2006-12-15 69632]
"googletalk"="J:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"nwiz"="nwiz.exe" [2007-06-28 J:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 J:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="P17.dll" [2005-04-12 J:\WINDOWS\system32\P17.dll]

J:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - J:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-06 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Program Files\\Messenger\\msmsgs.exe"=
"J:\\Program Files\\FlashGet\\flashget.exe"=
"J:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"J:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;J:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);J:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\ph.com
\Shell\explore\Command - I:\ph.com
\Shell\open\Command - I:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e94e937-00e7-11d6-9200-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dd70400-7ba1-11dd-933d-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - J:\WINDOWS\system32\ckvo.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Download All with FlashGet - J:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - J:\Program Files\FlashGet\jc_link.htm
O8 -: E&xport to Microsoft Excel - J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{2CCAE6FD-0F64-47E6-94F5-0CF3111D88BF}: NameServer = 80.74.164.249,80.74.160.38
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-07 13:27:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\rundll32.exe
J:\WINDOWS\system32\rundll32.exe
J:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-07 13:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 11:29:39

Pre-Run: 78,018,371,584 bytes free
Post-Run: 78,108,360,704 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Your computer is still infected. What is partition I:? Is it a USB device or a partition on a fixed hard disk?

Open Notepad and copy in the following text:

File::
I:\ph.com
J:\ph.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e94e937-00e7-11d6-9200-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dd70400-7ba1-11dd-933d-806d6172696f}]


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.
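Added example, not part of the thread and not code from ComboFix or its author: a Python script that reads the parts of a ComboFix log that drove the instructions above (the MountPoints2 shell commands, the Security Center *DisableNotify flags, the firewall state and the hidden+system file in a drive root) and emits a CFScript in the same File:: / Registry:: form. MountPoints2 is where Explorer caches a volume's autorun data; when its open, explore and AutoRun verbs all point at one file in the volume root, double-clicking the drive in My Computer runs that file. The log text embedded in the script is a constructed excerpt laid out like the posted log, using only the paths that appear in the thread; the selection rule for File:: (hidden+system root files plus MountPoints2 targets with the same file name) is this example's own choice.

```python
import re

# Constructed excerpt laid out like the posted ComboFix log; only the sections
# this script inspects are reproduced, with the paths from the thread.
SAMPLE_LOG = r"""
2008-08-29 01:57 89,370 --sh--r J:\ph.com
.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\ph.com
\Shell\explore\Command - I:\ph.com
\Shell\open\Command - I:\ph.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e94e937-00e7-11d6-9200-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
NOTIFY_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')
# Matches both "Files Created" lines (two timestamps) and Find3M lines (one);
# group 1 is the attribute string, group 2 the path.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?\s+"
    r"(?:[\d,]+|<DIR>)\s+([-a-z]+)\s+(.+)$"
)


def parse_log(text):
    """One pass over the log, remembering which registry key a line sits under."""
    findings = {
        "mountpoints": {},          # key -> [(shell verb, target path)]
        "security_center": [],      # *DisableNotify values set to 1
        "firewall_disabled": False,
        "hidden_system_files": [],  # files carrying both the s and h attributes
    }
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lower_key = key.lower() if key else ""
        if "mountpoints2" in lower_key:
            m = SHELL_CMD_RE.match(line)
            if m:
                findings["mountpoints"].setdefault(key, []).append(
                    (m.group(1).lower(), m.group(2)))
        elif lower_key.endswith("security center"):
            m = NOTIFY_RE.match(line)
            if m:
                findings["security_center"].append(m.group(1))
        elif lower_key.endswith("firewallpolicy\\standardprofile"):
            if line.startswith('"EnableFirewall"= 0'):
                findings["firewall_disabled"] = True
        else:
            m = FILE_RE.match(line)
            if m and "s" in m.group(1) and "h" in m.group(1):
                findings["hidden_system_files"].append(m.group(2))
    return findings


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def build_cfscript(findings):
    r"""CFScript in the File:: / Registry:: form used in the thread.

    File:: takes the hidden+system files plus every MountPoints2 target with the
    same file name, so I:\ph.com joins J:\ph.com while I:\setup.exe (which could
    be an ordinary CD autorun) is left alone.  Registry:: deletes the MountPoints2
    keys carrying shell commands; Windows recreates them when the volume is seen.
    """
    files = set(findings["hidden_system_files"])
    names = {_basename(p) for p in files}
    for cmds in findings["mountpoints"].values():
        files.update(t for _verb, t in cmds if _basename(t) in names)
    lines = ["File::", *sorted(files), "", "Registry::"]
    lines += [f"[-{key}]" for key in findings["mountpoints"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for name, value in found.items():
        print(f"{name}: {value}")
    print()
    print(build_cfscript(found), end="")
```

Run against the constructed excerpt it reproduces the script posted above (I:\ph.com and J:\ph.com under File::, the MountPoints2 keys under Registry::) and also reports the two suppressed Security Center warnings and the disabled firewall, which a CFScript does not repair and which should be re-enabled by hand once the machine is clean.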

  • Joined: 23 Mar 2008
  • Posts: 68

I: is a partition. I attached my old HDD. I need to copy some important data off it and then format the whole HDD. That I: partition will not even open. When I double-click it in My Computer a window appears saying: I:\ is not accessible. The file or directory is corrupted and unreadable. Though I think that will be fixed once I format that partition.

Here is the new log file:

ComboFix 08-09-05.02 - DJ 2008-09-07 16:37:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.685 [GMT 2:00]
Running from: J:\Documents and Settings\DJ\Desktop\ComboFix.exe
Command switches used :: J:\Documents and Settings\DJ\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\ph.com

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-07 16:17 . 2008-09-07 16:17 <DIR> d-------- J:\Documents and Settings\DJ\Contacts
2008-09-07 16:16 . 2008-09-07 16:16 <DIR> d----c--- J:\WINDOWS\system32\DRVSTORE
2008-09-07 16:15 . 2008-09-07 16:15 <DIR> d-------- J:\Program Files\MSN Messenger
2008-09-07 14:05 . 2008-09-07 14:05 <DIR> d-------- J:\Program Files\URUSoft
2008-09-07 13:57 . 2008-07-23 18:50 120,056 --------- J:\WINDOWS\system32\pxcpyi64.exe
2008-09-07 13:46 . 2008-09-07 13:46 <DIR> d-------- J:\Program Files\XviD
2008-09-07 13:46 . 2008-09-07 13:46 <DIR> d-------- J:\Program Files\Fraunhofer MP3 Codec Pro
2008-09-07 13:46 . 2008-09-07 13:57 <DIR> d-------- J:\Program Files\DivX
2008-09-07 13:46 . 2008-09-07 13:46 <DIR> d-------- J:\Program Files\AC3Filter
2008-09-07 13:46 . 2008-09-07 13:46 286,720 --a------ J:\WINDOWS\iun507.exe
2008-09-07 13:46 . 1999-12-17 11:13 86,016 --a------ J:\WINDOWS\unvise32.exe
2008-09-07 13:46 . 2008-09-07 13:46 53,248 --a------ J:\WINDOWS\system32\DivXAF.ax
2008-09-07 13:46 . 2001-12-11 14:16 629 --a------ J:\WINDOWS\mp3out.inf
2008-09-07 13:45 . 2008-09-07 13:46 <DIR> d-------- J:\WINDOWS\LastGood
2008-09-07 13:45 . 2008-09-07 13:45 <DIR> d-------- J:\Program Files\Webteh
2008-09-07 13:45 . 2008-09-07 13:59 <DIR> d-------- J:\Program Files\AdVantage
2008-09-07 13:45 . 2008-09-07 13:45 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\BSplayer Pro
2008-09-07 13:45 . 2008-09-07 13:46 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\BSplayer
2008-09-06 22:00 . 2005-05-26 15:34 2,297,552 --a------ J:\WINDOWS\system32\d3dx9_26.dll
2008-09-06 21:56 . 2008-09-06 21:56 82,774 --a------ J:\WINDOWS\Uninstall Jade Empire.exe
2008-09-06 20:51 . 2007-07-19 18:14 3,727,720 --a------ J:\WINDOWS\system32\d3dx9_35.dll
2008-09-06 20:51 . 2007-04-04 18:53 81,768 --a------ J:\WINDOWS\system32\xinput1_3.dll
2008-09-06 20:03 . 2008-09-06 20:03 <DIR> d-------- J:\Program Files\EndlessOnline
2008-09-06 18:09 . 2008-09-07 15:50 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\skypePM
2008-09-06 18:09 . 2008-09-06 18:09 32 --a------ J:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-09-06 18:08 . 2008-09-07 15:51 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Program Files\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Program Files\Common Files\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Skype
2008-09-06 16:18 . 2008-09-06 16:44 <DIR> d-------- J:\Program Files\Client
2008-09-06 16:18 . 2008-09-06 16:18 249,856 --------- J:\WINDOWS\Setup1.exe
2008-09-06 16:18 . 2008-09-06 16:18 73,216 --a------ J:\WINDOWS\ST6UNST.EXE
2008-09-06 14:49 . 2008-09-06 14:49 <DIR> d-------- J:\Program Files\Winamp
2008-09-06 13:35 . 2008-09-06 13:35 <DIR> d-------- J:\WINDOWS\system32\Data
2008-09-06 13:34 . 2008-09-06 13:34 <DIR> d-------- J:\Program Files\Google
2008-09-06 13:05 . 2006-12-22 13:18 316,416 --a------ J:\WINDOWS\system32\unaddrv.x64.exe
2008-09-06 13:03 . 2008-09-06 13:03 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\InstallShield
2008-09-06 13:01 . 2008-09-06 13:01 <DIR> d-------- J:\Program Files\SAGEM
2008-09-06 12:55 . 2008-09-06 12:55 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\Thinstall
2008-09-06 12:34 . 2008-09-07 16:17 2,363 --a------ J:\WINDOWS\wincmd.ini
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\UC.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\RAR.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKUNZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\NOCLOSE.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\LHA.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\ARJ.PIF
2008-09-06 12:29 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvuide.exe
2008-09-06 12:29 . 2005-02-08 07:26 3,507 --a------ J:\WINDOWS\system32\nvide.nvu
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvusmb.exe
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvunrm.exe
2008-09-06 12:28 . 2004-12-16 10:28 3,596 --a------ J:\WINDOWS\system32\nvnrm.nvu
2008-09-06 12:28 . 2005-02-08 07:26 1,231 --a------ J:\WINDOWS\system32\nvsmb.nvu
2008-09-06 12:27 . 2002-01-02 18:01 716,502 --a------ J:\WINDOWS\system32\MS7160.bmp
2008-09-06 12:27 . 2002-01-02 18:11 254 --a------ J:\WINDOWS\system32\raidmgmt.ini
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft.NET
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft ActiveSync
2008-09-06 10:54 . 2003-06-18 17:31 17,920 --a------ J:\WINDOWS\system32\mdimon.dll
2008-09-06 10:54 . 2008-09-06 10:54 376 --a------ J:\WINDOWS\ODBC.INI
2008-09-06 10:53 . 2008-09-06 10:54 <DIR> d-------- J:\WINDOWS\SHELLNEW
2008-09-06 10:01 . 2007-06-28 18:43 123,602 --a------ J:\WINDOWS\system32\nvapps.nvb
2008-09-06 10:00 . 2003-02-21 14:42 348,160 -ra------ J:\WINDOWS\system32\msvcr71.dll
2008-09-06 10:00 . 2007-07-25 10:54 266,240 -ra------ J:\WINDOWS\system32\HookShield.dll
2008-09-06 10:00 . 2007-07-25 10:55 262,144 -ra------ J:\WINDOWS\system32\HookMAp.dll
2008-09-06 10:00 . 2006-04-29 05:36 208,896 -ra------ J:\WINDOWS\system32\WinSys2.exe
2008-09-06 10:00 . 2006-07-12 23:00 131,072 -ra------ J:\WINDOWS\system32\smdll.dll
2008-09-06 10:00 . 2007-05-28 17:13 130,048 -ra------ J:\WINDOWS\system32\MadCHook.dll
2008-09-06 10:00 . 2006-08-14 05:31 32,768 -ra------ J:\WINDOWS\system32\Auxiliary.dll
2008-09-06 02:13 . 2008-09-07 16:36 <DIR> d-------- J:\Program Files\FlashGet
2008-09-06 01:28 . 2008-09-06 01:28 <DIR> d-------- J:\Program Files\Opera
2008-09-06 01:26 . 2008-09-06 02:00 <DIR> d-------- J:\Program Files\Knight Empire
2008-09-06 01:25 . 2005-04-18 13:57 18,706,432 --------- J:\WINDOWS\system32\alsndmgr.cpl
2008-09-06 01:25 . 2005-04-18 14:31 9,324,032 --------- J:\WINDOWS\system32\RTLCPL.exe
2008-09-06 01:25 . 2005-04-19 04:40 2,317,504 --------- J:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-06 01:25 . 2005-02-03 09:13 294,912 --------- J:\WINDOWS\alcupd.exe
2008-09-06 01:25 . 2005-03-02 14:21 200,704 --------- J:\WINDOWS\alcrmv.exe
2008-09-06 01:25 . 2004-09-07 08:23 156,672 --------- J:\WINDOWS\system32\RtlCPAPI.dll
2008-09-06 01:25 . 2002-02-05 07:54 141,016 --------- J:\WINDOWS\system32\alsndmgr.wav
2008-09-06 01:25 . 2005-04-15 05:01 77,824 --------- J:\WINDOWS\soundman.exe
2008-09-06 01:25 . 2004-10-27 09:47 40,960 --------- J:\WINDOWS\system32\ChCfg.exe
2008-09-06 01:24 . 2005-03-01 10:49 192,512 --------- J:\WINDOWS\RtlExUpd.dll
2008-09-06 01:14 . 2008-09-06 01:14 0 --a------ J:\WINDOWS\msicpl.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 11:05 32 ----a-w J:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-05 23:25 --------- d--h--w J:\Program Files\InstallShield Installation Information
2008-09-05 23:24 --------- d-----w J:\Program Files\Common Files\InstallShield
2008-07-25 08:36 524,288 ----a-w J:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 43,528 ------w J:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w J:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w J:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 118,520 ------w J:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w J:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w J:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w J:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_13.29.26.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-07 14:16:15 29,926 ----a-r J:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-07-25 08:34:36 683,520 ----a-w J:\WINDOWS\system32\DivX.dll
+ 2008-07-25 08:34:42 823,296 ----a-w J:\WINDOWS\system32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w J:\WINDOWS\system32\divx_xx0a.dll
+ 2008-07-25 08:34:40 823,296 ----a-w J:\WINDOWS\system32\divx_xx0c.dll
+ 2008-07-25 08:34:40 802,816 ----a-w J:\WINDOWS\system32\divx_xx11.dll
+ 2008-07-25 08:34:30 161,096 ----a-w J:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-07-25 08:34:54 81,920 ----a-w J:\WINDOWS\system32\dpl100.dll
+ 2008-07-25 08:34:46 294,912 ----a-w J:\WINDOWS\system32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w J:\WINDOWS\system32\dpu11.dll
+ 2008-07-25 08:34:50 53,248 ----a-w J:\WINDOWS\system32\dpuGUI10.dll
+ 2008-07-25 08:34:46 593,920 ----a-w J:\WINDOWS\system32\dpuGUI11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w J:\WINDOWS\system32\dpus11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w J:\WINDOWS\system32\dpv11.dll
+ 2008-07-25 08:34:52 196,608 ----a-w J:\WINDOWS\system32\dtu100.dll
+ 2002-01-05 03:37:28 344,064 ----a-w J:\WINDOWS\system32\msvcr70.dll
- 2006-08-25 03:47:00 514,808 ------w J:\WINDOWS\system32\px.dll
+ 2008-07-23 16:50:46 551,672 ------w J:\WINDOWS\system32\px.dll
- 2006-08-25 03:47:00 63,144 ------w J:\WINDOWS\system32\pxcpya64.exe
+ 2008-07-23 16:50:46 66,296 ------w J:\WINDOWS\system32\pxcpya64.exe
- 2006-08-25 03:47:00 477,944 ------w J:\WINDOWS\system32\pxdrv.dll
+ 2008-07-23 16:50:48 518,904 ------w J:\WINDOWS\system32\pxdrv.dll
- 2006-08-25 03:47:00 67,240 ------w J:\WINDOWS\system32\pxhpinst.exe
+ 2008-07-23 16:50:48 72,440 ------w J:\WINDOWS\system32\pxhpinst.exe
- 2006-08-25 03:47:00 62,632 ------w J:\WINDOWS\system32\pxinsa64.exe
+ 2008-07-23 16:50:46 64,760 ------w J:\WINDOWS\system32\pxinsa64.exe
- 2006-08-25 03:47:00 183,032 ------w J:\WINDOWS\system32\pxmas.dll
+ 2008-07-23 16:50:50 187,128 ------w J:\WINDOWS\system32\pxmas.dll
- 2006-08-25 03:47:00 1,309,432 ------w J:\WINDOWS\system32\pxsfs.dll
+ 2008-07-23 16:50:48 1,628,920 ------w J:\WINDOWS\system32\pxsfs.dll
- 2006-08-25 03:47:00 379,640 ------w J:\WINDOWS\system32\pxwave.dll
+ 2008-07-23 16:50:48 379,640 ------w J:\WINDOWS\system32\pxwave.dll
+ 2007-01-19 10:53:04 51,056 ----a-w J:\WINDOWS\system32\sirenacm.dll
- 2006-08-25 03:47:00 39,672 ------w J:\WINDOWS\system32\vxblock.dll
+ 2008-07-23 16:50:46 88,824 ------w J:\WINDOWS\system32\vxblock.dll
+ 2002-06-28 09:43:43 438,272 ----a-w J:\WINDOWS\system32\xvid.dll
+ 2006-06-05 12:14:28 479,232 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="J:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="J:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"SW20"="J:\WINDOWS\system32\sw20.exe" [2006-12-15 208896]
"SW24"="J:\WINDOWS\system32\sw24.exe" [2006-12-15 69632]
"googletalk"="J:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Trickler"="j:\program files\divx\divx pro codec\gain_trickler_3202.exe" [2008-09-07 200988]
"MSConfig"="J:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2002-12-31 158208]
"nwiz"="nwiz.exe" [2007-06-28 J:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 J:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="P17.dll" [2005-04-12 J:\WINDOWS\system32\P17.dll]

J:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - J:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-06 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-08-11 12:33 883992 J:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Program Files\\Messenger\\msmsgs.exe"=
"J:\\Program Files\\FlashGet\\flashget.exe"=
"J:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"J:\\Program Files\\Skype\\Phone\\Skype.exe"=
"J:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"J:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;J:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);J:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]

*Newly Created Service* - USNJSVC
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-07 16:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 16:38:18
ComboFix-quarantined-files.txt 2008-09-07 14:38:14
ComboFix2.txt 2008-09-07 11:29:42

Pre-Run: 77,824,360,448 bytes free
Post-Run: 77,820,383,232 bytes free

2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Program Files\Common Files\Skype
2008-09-06 18:07 . 2008-09-06 18:07 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Skype
2008-09-06 16:18 . 2008-09-06 16:44 <DIR> d-------- J:\Program Files\Client
2008-09-06 16:18 . 2008-09-06 16:18 249,856 --------- J:\WINDOWS\Setup1.exe
2008-09-06 16:18 . 2008-09-06 16:18 73,216 --a------ J:\WINDOWS\ST6UNST.EXE
2008-09-06 14:49 . 2008-09-06 14:49 <DIR> d-------- J:\Program Files\Winamp
2008-09-06 13:35 . 2008-09-06 13:35 <DIR> d-------- J:\WINDOWS\system32\Data
2008-09-06 13:34 . 2008-09-06 13:34 <DIR> d-------- J:\Program Files\Google
2008-09-06 13:05 . 2006-12-22 13:18 316,416 --a------ J:\WINDOWS\system32\unaddrv.x64.exe
2008-09-06 13:03 . 2008-09-06 13:03 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\InstallShield
2008-09-06 13:01 . 2008-09-06 13:01 <DIR> d-------- J:\Program Files\SAGEM
2008-09-06 12:55 . 2008-09-06 12:55 <DIR> d-------- J:\Documents and Settings\DJ\Application Data\Thinstall
2008-09-06 12:34 . 2008-09-07 16:17 2,363 --a------ J:\WINDOWS\wincmd.ini
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\UC.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\RAR.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\PKUNZIP.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\NOCLOSE.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\LHA.PIF
2008-09-06 12:34 . 2008-04-22 07:03 545 --a------ J:\WINDOWS\ARJ.PIF
2008-09-06 12:29 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvuide.exe
2008-09-06 12:29 . 2005-02-08 07:26 3,507 --a------ J:\WINDOWS\system32\nvide.nvu
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvusmb.exe
2008-09-06 12:28 . 2007-06-28 18:43 356,352 -ra------ J:\WINDOWS\system32\nvunrm.exe
2008-09-06 12:28 . 2004-12-16 10:28 3,596 --a------ J:\WINDOWS\system32\nvnrm.nvu
2008-09-06 12:28 . 2005-02-08 07:26 1,231 --a------ J:\WINDOWS\system32\nvsmb.nvu
2008-09-06 12:27 . 2002-01-02 18:01 716,502 --a------ J:\WINDOWS\system32\MS7160.bmp
2008-09-06 12:27 . 2002-01-02 18:11 254 --a------ J:\WINDOWS\system32\raidmgmt.ini
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft.NET
2008-09-06 10:54 . 2008-09-06 10:54 <DIR> d-------- J:\Program Files\Microsoft ActiveSync
2008-09-06 10:54 . 2003-06-18 17:31 17,920 --a------ J:\WINDOWS\system32\mdimon.dll
2008-09-06 10:54 . 2008-09-06 10:54 376 --a------ J:\WINDOWS\ODBC.INI
2008-09-06 10:53 . 2008-09-06 10:54 <DIR> d-------- J:\WINDOWS\SHELLNEW
2008-09-06 10:01 . 2007-06-28 18:43 123,602 --a------ J:\WINDOWS\system32\nvapps.nvb
2008-09-06 10:00 . 2003-02-21 14:42 348,160 -ra------ J:\WINDOWS\system32\msvcr71.dll
2008-09-06 10:00 . 2007-07-25 10:54 266,240 -ra------ J:\WINDOWS\system32\HookShield.dll
2008-09-06 10:00 . 2007-07-25 10:55 262,144 -ra------ J:\WINDOWS\system32\HookMAp.dll
2008-09-06 10:00 . 2006-04-29 05:36 208,896 -ra------ J:\WINDOWS\system32\WinSys2.exe
2008-09-06 10:00 . 2006-07-12 23:00 131,072 -ra------ J:\WINDOWS\system32\smdll.dll
2008-09-06 10:00 . 2007-05-28 17:13 130,048 -ra------ J:\WINDOWS\system32\MadCHook.dll
2008-09-06 10:00 . 2006-08-14 05:31 32,768 -ra------ J:\WINDOWS\system32\Auxiliary.dll
2008-09-06 02:13 . 2008-09-07 16:36 <DIR> d-------- J:\Program Files\FlashGet
2008-09-06 01:28 . 2008-09-06 01:28 <DIR> d-------- J:\Program Files\Opera
2008-09-06 01:26 . 2008-09-06 02:00 <DIR> d-------- J:\Program Files\Knight Empire
2008-09-06 01:25 . 2005-04-18 13:57 18,706,432 --------- J:\WINDOWS\system32\alsndmgr.cpl
2008-09-06 01:25 . 2005-04-18 14:31 9,324,032 --------- J:\WINDOWS\system32\RTLCPL.exe
2008-09-06 01:25 . 2005-04-19 04:40 2,317,504 --------- J:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-06 01:25 . 2005-02-03 09:13 294,912 --------- J:\WINDOWS\alcupd.exe
2008-09-06 01:25 . 2005-03-02 14:21 200,704 --------- J:\WINDOWS\alcrmv.exe
2008-09-06 01:25 . 2004-09-07 08:23 156,672 --------- J:\WINDOWS\system32\RtlCPAPI.dll
2008-09-06 01:25 . 2002-02-05 07:54 141,016 --------- J:\WINDOWS\system32\alsndmgr.wav
2008-09-06 01:25 . 2005-04-15 05:01 77,824 --------- J:\WINDOWS\soundman.exe
2008-09-06 01:25 . 2004-10-27 09:47 40,960 --------- J:\WINDOWS\system32\ChCfg.exe
2008-09-06 01:24 . 2005-03-01 10:49 192,512 --------- J:\WINDOWS\RtlExUpd.dll
2008-09-06 01:14 . 2008-09-06 01:14 0 --a------ J:\WINDOWS\msicpl.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 11:05 32 ----a-w J:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-05 23:25 --------- d--h--w J:\Program Files\InstallShield Installation Information
2008-09-05 23:24 --------- d-----w J:\Program Files\Common Files\InstallShield
2008-07-25 08:36 524,288 ----a-w J:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 43,528 ------w J:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w J:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w J:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 118,520 ------w J:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w J:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w J:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w J:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_13.29.26.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-07 14:16:15 29,926 ----a-r J:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-07-25 08:34:36 683,520 ----a-w J:\WINDOWS\system32\DivX.dll
+ 2008-07-25 08:34:42 823,296 ----a-w J:\WINDOWS\system32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w J:\WINDOWS\system32\divx_xx0a.dll
+ 2008-07-25 08:34:40 823,296 ----a-w J:\WINDOWS\system32\divx_xx0c.dll
+ 2008-07-25 08:34:40 802,816 ----a-w J:\WINDOWS\system32\divx_xx11.dll
+ 2008-07-25 08:34:30 161,096 ----a-w J:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-07-25 08:34:54 81,920 ----a-w J:\WINDOWS\system32\dpl100.dll
+ 2008-07-25 08:34:46 294,912 ----a-w J:\WINDOWS\system32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w J:\WINDOWS\system32\dpu11.dll
+ 2008-07-25 08:34:50 53,248 ----a-w J:\WINDOWS\system32\dpuGUI10.dll
+ 2008-07-25 08:34:46 593,920 ----a-w J:\WINDOWS\system32\dpuGUI11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w J:\WINDOWS\system32\dpus11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w J:\WINDOWS\system32\dpv11.dll
+ 2008-07-25 08:34:52 196,608 ----a-w J:\WINDOWS\system32\dtu100.dll
+ 2002-01-05 03:37:28 344,064 ----a-w J:\WINDOWS\system32\msvcr70.dll
- 2006-08-25 03:47:00 514,808 ------w J:\WINDOWS\system32\px.dll
+ 2008-07-23 16:50:46 551,672 ------w J:\WINDOWS\system32\px.dll
- 2006-08-25 03:47:00 63,144 ------w J:\WINDOWS\system32\pxcpya64.exe
+ 2008-07-23 16:50:46 66,296 ------w J:\WINDOWS\system32\pxcpya64.exe
- 2006-08-25 03:47:00 477,944 ------w J:\WINDOWS\system32\pxdrv.dll
+ 2008-07-23 16:50:48 518,904 ------w J:\WINDOWS\system32\pxdrv.dll
- 2006-08-25 03:47:00 67,240 ------w J:\WINDOWS\system32\pxhpinst.exe
+ 2008-07-23 16:50:48 72,440 ------w J:\WINDOWS\system32\pxhpinst.exe
- 2006-08-25 03:47:00 62,632 ------w J:\WINDOWS\system32\pxinsa64.exe
+ 2008-07-23 16:50:46 64,760 ------w J:\WINDOWS\system32\pxinsa64.exe
- 2006-08-25 03:47:00 183,032 ------w J:\WINDOWS\system32\pxmas.dll
+ 2008-07-23 16:50:50 187,128 ------w J:\WINDOWS\system32\pxmas.dll
- 2006-08-25 03:47:00 1,309,432 ------w J:\WINDOWS\system32\pxsfs.dll
+ 2008-07-23 16:50:48 1,628,920 ------w J:\WINDOWS\system32\pxsfs.dll
- 2006-08-25 03:47:00 379,640 ------w J:\WINDOWS\system32\pxwave.dll
+ 2008-07-23 16:50:48 379,640 ------w J:\WINDOWS\system32\pxwave.dll
+ 2007-01-19 10:53:04 51,056 ----a-w J:\WINDOWS\system32\sirenacm.dll
- 2006-08-25 03:47:00 39,672 ------w J:\WINDOWS\system32\vxblock.dll
+ 2008-07-23 16:50:46 88,824 ------w J:\WINDOWS\system32\vxblock.dll
+ 2002-06-28 09:43:43 438,272 ----a-w J:\WINDOWS\system32\xvid.dll
+ 2006-06-05 12:14:28 479,232 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w J:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="J:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="J:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"SW20"="J:\WINDOWS\system32\sw20.exe" [2006-12-15 208896]
"SW24"="J:\WINDOWS\system32\sw24.exe" [2006-12-15 69632]
"googletalk"="J:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Trickler"="j:\program files\divx\divx pro codec\gain_trickler_3202.exe" [2008-09-07 200988]
"MSConfig"="J:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2002-12-31 158208]
"nwiz"="nwiz.exe" [2007-06-28 J:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 J:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="P17.dll" [2005-04-12 J:\WINDOWS\system32\P17.dll]

J:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - J:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-06 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-08-11 12:33 883992 J:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Program Files\\Messenger\\msmsgs.exe"=
"J:\\Program Files\\FlashGet\\flashget.exe"=
"J:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"J:\\Program Files\\Skype\\Phone\\Skype.exe"=
"J:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"J:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;J:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);J:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]

*Newly Created Service* - USNJSVC
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-07 16:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 16:38:18
ComboFix-quarantined-files.txt 2008-09-07 14:38:14
ComboFix2.txt 2008-09-07 11:29:42

Pre-Run: 77,824,360,448 bytes free
Post-Run: 77,820,383,232 bytes free

212

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This looks OK now.

How is the computer behaving? Are there any symptoms?

offline
  • Joined: 23 Mar 2008
  • Posts: 68

Well, fine so far. Since last night I haven't noticed Generic Host appearing. I'm going to install SP3 now. If it starts behaving strangely, I'll report back.

Thanks.
