Posted: 16 Jan 2009 13:12
- Joined: 25 Oct 2006
- Posts: 276
So I don't have to write it all again, a friend wrote this to me and I'm forwarding it to you:
When I boot the computer it gets as far as the desktop wallpaper and nothing further, not a single icon, nothing. I press Ctrl+Alt+Del, start Task Manager and then start a few processes here and there... and after about ten minutes the normal desktop appears. The strangest thing is that the processes are running neither under SYSTEM nor under any user :-| the User Name field is just empty :-( I have some trojan, AhnRpta.exe, that I can't get rid of at all; whenever I try to open C: it starts and creates a file in %windows%
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:32, on 16.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\dzona\Desktop\dzona.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: IEHlprObj Class - {F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - C:\WINDOWS\system32\bgdferw0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6887 bytes
Posted: 16 Jan 2009 14:23
- Joined: 25 Oct 2006
- Posts: 276
ComboFix 09-01-15.01 - dzona 2009-01-16 14:07:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.326 [GMT 1:00]
Running from: c:\documents and settings\dzona\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\bvc0gyp.bat
c:\documents and settings\dzona\Application Data\EurekaLog
c:\documents and settings\dzona\Local Settings\Temporary Internet Files\MF12161ED.gif
c:\documents and settings\dzona\Local Settings\Temporary Internet Files\SF0ED.gif
c:\windows\system32\mdm.exe
D:\Autorun.inf
D:\bvc0gyp.bat
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\bvc0gyp.bat
E:\resycled
e:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 01:09 . 2009-01-16 01:09 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 01:05 . 2008-04-14 09:00 69,120 --a------ c:\windows\AhnRpta.exe
2009-01-16 00:25 . 2009-01-16 00:25 288 --a------ c:\windows\ODBC.INI
2009-01-16 00:25 . 2009-01-16 00:25 126 --a------ c:\windows\mdm.ini
2009-01-16 00:23 . 2009-01-16 00:23 <DIR> d-------- c:\program files\Web Publish
2009-01-15 22:01 . 2009-01-16 13:46 805 --a------ C:\rollback.ini
2009-01-15 21:16 . 2009-01-15 21:16 38,805 --a------ c:\windows\FontData.fdb
2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-15 19:31 . 2008-08-10 21:42 72,592 --a------ c:\windows\zllsputility.exe
2009-01-15 19:31 . 2009-01-16 00:51 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-15 19:30 . 2009-01-15 22:03 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-15 19:30 . 2009-01-15 19:30 <DIR> d-------- c:\program files\Zone Labs
2009-01-15 19:30 . 2008-08-10 21:42 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-15 19:30 . 2009-01-16 13:50 349,222 --a------ c:\windows\system32\vsconfig.xml
2009-01-15 19:29 . 2009-01-16 14:02 <DIR> d-------- c:\windows\Internet Logs
2009-01-15 17:53 . 2009-01-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 17:34 . 2009-01-15 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-15 16:13 . 2009-01-15 16:14 69,240 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-15 15:40 . 2009-01-15 15:40 <DIR> d-------- C:\totalcmd
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\UC.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\RAR.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\LHA.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\ARJ.PIF
2009-01-15 15:40 . 2009-01-16 01:09 300 --a------ c:\windows\wincmd.ini
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-15 03:07 . 2009-01-15 03:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-15 03:06 . 2009-01-15 03:15 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-15 02:47 . 2009-01-15 02:50 <DIR> d-------- c:\program files\eMule
2009-01-15 02:11 . 2009-01-15 02:39 <DIR> d-------- c:\program files\MySQL-Front
2009-01-15 02:11 . 2009-01-15 02:13 <DIR> d-------- c:\documents and settings\dzona\Application Data\MySQL-Front
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\program files\MySQL
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\MySQL
2009-01-15 01:41 . 2009-01-15 01:41 <DIR> d-------- c:\program files\MSECache
2009-01-15 01:40 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\MSBuild
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-01-15 01:33 . 2009-01-15 01:37 <DIR> d-------- c:\windows\SHELLNEW
2009-01-15 01:32 . 2009-01-15 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 01:31 . 2009-01-15 01:31 <DIR> dr-h----- C:\MSOCache
2009-01-15 01:14 . 2009-01-15 12:57 <DIR> d-------- c:\documents and settings\dzona\Contacts
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d-------- c:\program files\MSN Messenger
2009-01-15 01:06 . 2009-01-15 01:06 <DIR> d-------- c:\program files\Babylon
2009-01-15 01:06 . 2009-01-16 01:20 <DIR> d-------- c:\documents and settings\dzona\Application Data\Babylon
2009-01-15 01:06 . 2009-01-16 13:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-01-15 01:05 . 2009-01-15 01:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-15 00:16 . 2009-01-15 00:16 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-14 22:23 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-14 22:20 . 2009-01-14 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\dzona\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-14 21:46 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2009-01-14 21:45 . 2009-01-14 21:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-14 21:45 . 2009-01-14 21:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-14 21:43 . 2009-01-15 21:10 56 -r-hs---- c:\windows\system32\326CC3F28F.sys
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Corel
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-14 21:31 . 2009-01-14 21:31 <DIR> d-------- c:\documents and settings\dzona\Application Data\Corel
2009-01-14 21:31 . 2009-01-15 21:11 3,350 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-14 21:30 . 2009-01-14 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 21:28 . 2008-04-14 04:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-14 21:21 . 2009-01-14 21:21 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\program files\Google
2009-01-14 15:56 . 2009-01-14 15:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-14 13:21 . 2009-01-14 13:21 <DIR> d-------- c:\windows\system32\Lang
2009-01-14 13:21 . 2009-01-14 13:21 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-14 13:21 . 2009-01-14 13:21 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-14 13:15 . 2009-01-14 13:15 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-14 13:08 . 2009-01-14 13:08 <DIR> d-------- c:\program files\Webteh
2009-01-14 12:52 . 2009-01-15 00:15 <DIR> d-------- c:\documents and settings\dzona\Tracing
2009-01-14 12:47 . 2009-01-14 12:47 <DIR> d-------- c:\documents and settings\dzona\Application Data\Star-Tools
2009-01-14 12:42 . 2009-01-14 12:43 <DIR> d-------- C:\xampp
2009-01-14 07:25 . 2009-01-16 03:45 <DIR> d-------- c:\program files\FreeRapid-0.71
2009-01-14 07:25 . 2009-01-14 07:25 <DIR> d-------- c:\documents and settings\dzona\Application Data\VitySoft
2009-01-14 07:18 . 2009-01-14 07:18 <DIR> d-------- c:\program files\Winamp
2009-01-14 07:18 . 2009-01-14 13:15 <DIR> d-------- c:\documents and settings\dzona\Application Data\Winamp
2009-01-14 07:11 . 2009-01-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 07:10 . 2008-02-21 23:03 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 07:09 . 2009-01-14 07:10 <DIR> d-------- c:\program files\Java
2009-01-14 07:09 . 2009-01-14 07:09 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 07:06 . 2009-01-14 21:22 175,087 -r-hs---- c:\windows\system32\oukdfgr.exe
2009-01-14 07:06 . 2009-01-14 21:23 109,056 -r-hs---- c:\windows\system32\hyrteas0.dll
2009-01-14 07:05 . 2009-01-14 07:05 0 --a------ c:\windows\nsreg.dat
2009-01-14 06:58 . 2009-01-14 06:58 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-14 06:58 . 2006-03-16 06:24 4,249,088 -r------- c:\windows\system32\drivers\RtkHDAud.Sys
2009-01-14 06:58 . 2006-03-09 10:45 364,544 -r------- c:\windows\RtlUpd.exe
2009-01-14 06:58 . 2005-10-31 11:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-01-14 06:58 . 2006-02-20 10:00 86,016 -r------- c:\windows\SoundMan.exe
2009-01-14 06:58 . 2005-07-15 09:48 40,960 -r------- c:\windows\system32\ChCfg.exe
2009-01-14 06:57 . 2009-01-14 06:57 <DIR> d-------- c:\program files\Realtek
2009-01-14 06:57 . 2006-03-14 10:01 16,010,752 -r------- c:\windows\RTHDCPL.exe
2009-01-14 06:57 . 2006-03-14 08:49 9,711,104 -r------- c:\windows\RTLCPL.exe
2009-01-14 06:57 . 2006-03-14 08:45 2,809,344 -r------- c:\windows\alcwzrd.exe
2009-01-14 06:57 . 2006-03-10 12:32 2,158,592 -r------- c:\windows\MicCal.exe
2009-01-14 06:57 . 2005-04-16 15:20 487,424 -r------- c:\windows\RtlExUpd.dll
2009-01-14 06:57 . 2005-09-21 03:25 299,008 -r------- c:\windows\system32\ALSndMgr.Cpl
2009-01-14 06:57 . 2006-01-10 06:58 266,240 -r------- c:\windows\system32\RTSndMgr.Cpl
2009-01-14 06:57 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-01-14 06:56 . 2005-11-16 09:08 78,976 --a------ c:\windows\system32\drivers\Rtenicxp.sys
2009-01-14 06:52 . 2009-01-14 06:52 <DIR> d-------- c:\program files\IVT Corporation
2009-01-14 06:52 . 2008-04-14 00:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-01-14 06:49 . 2009-01-14 06:49 <DIR> d-------- c:\windows\Options
2009-01-14 06:49 . 2005-09-26 05:21 1,145,728 -ra------ c:\windows\system32\drivers\AGRSM.sys
2009-01-14 06:49 . 2005-09-09 04:20 88,203 -ra------ c:\windows\AGRSMMSG.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 --------- c:\windows\system32\agrsmdel.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 -ra------ c:\windows\agrsmdel.exe
2009-01-14 00:10 . 2009-01-14 00:10 4,444 --a------ c:\windows\system32\pid.PNF
2009-01-14 00:09 . 2001-08-17 18:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-14 00:08 . 2008-04-14 10:42 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-14 00:08 . 2008-04-14 05:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-14 00:08 . 2008-04-14 05:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 00:08 . 2008-04-14 05:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-14 00:08 . 2008-04-14 05:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 00:08 . 2001-08-17 18:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-14 00:06 . 2009-01-15 03:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-14 00:05 . 2009-01-15 17:59 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-14 00:05 . 2009-01-15 17:08 <DIR> d-------- c:\windows\system32\CatRoot
2009-01-14 00:05 . 2009-01-13 23:19 <DIR> d--h----- c:\documents and settings\Default User
2009-01-14 00:05 . 2009-01-13 23:17 <DIR> d-------- c:\documents and settings\All Users
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 22:31 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 22:31 --------- d-----w c:\program files\RALINK
2009-01-13 22:30 --------- d-----w c:\program files\ATI Technologies
2009-01-13 22:27 --------- d-----w c:\program files\AMD
2009-01-13 22:19 --------- d-----w c:\program files\microsoft frontpage
2009-01-13 22:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-10 981904]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-11-21 03:11 3289088 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-10 24636]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2519b0cc-e279-11dd-ac78-0016174fd288}]
\Shell\AutoRun\command - H:\ve.exe
\Shell\open\Command - H:\ve.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
- - - - ORPHANS REMOVED - - - -
BHO-{F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - (no file)
ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\dzona\Application Data\Mozilla\Firefox\Profiles\1gk3djcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ba
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 14:09:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-16 14:10:20
ComboFix-quarantined-files.txt 2009-01-16 13:10:18
Pre-Run: 25.482.981.376 bytes free
Post-Run: 25,596,051,456 bytes free
274
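Triage script, added here as an example; it is not part of this thread and not code from HijackThis or ComboFix. It parses the kinds of lines found in the two logs above (O1 hosts entries, O2 Browser Helper Objects, O23 services, running-process paths from the HijackThis log, and the MountPoints2 AutoRun commands from the ComboFix log) and lists the ones a malware helper would look at first: the two IEHlprObj BHOs pointing at random-named DLLs in system32, the MySQL service whose binary is reported missing, processes running from the Windows root or a user's Desktop, and the H:\ve.exe autorun hook. The sample log is constructed from lines of the posted logs; the rule names, the random-name pattern and the location checks are my own heuristics, and every hit is a "review this" item rather than a verdict.

```python
"""Triage helper for HijackThis (HJT) and ComboFix log lines.

Returns the lines that deserve a second look: hosts-file overrides, BHOs with
random-looking DLL names in system32, duplicate BHO display names, services
whose binary is missing, processes running from unusual locations, and
MountPoints2 AutoRun commands (the USB autorun-worm pattern).
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample assembled from lines of the logs posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\dzona\Desktop\dzona.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: IEHlprObj Class - {F171A450-7AF5-43E1-AFED-EDC826A1B0F5} - C:\WINDOWS\system32\bgdferw0.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
\Shell\AutoRun\command - H:\ve.exe
\Shell\open\Command - H:\ve.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<entry>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix prints MountPoints2 autorun hooks as "\Shell\AutoRun\command - <cmd>".
AUTORUN_RE = re.compile(r"^\\Shell\\(?:AutoRun\\command|open\\Command) - (?P<cmd>.+)$", re.IGNORECASE)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Heuristic (my own): 6-12 lower-case letters/digits with at least one digit
# is typical of generated names; legitimate system DLLs rarely look like this.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{6,12}\.(?:dll|exe)$")


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every log line that matches a review rule."""
    findings: List[Tuple[str, str]] = []
    bho_by_name: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HOSTS_RE.match(line):
            # Any hosts override is worth a look, even a harmless license blocker.
            findings.append(("hosts-override", line))
            continue
        m = BHO_RE.match(line)
        if m:
            bho_by_name[m.group("name")].append(line)
            path = m.group("path")
            if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(_basename(path)):
                findings.append(("bho-random-dll-in-system32", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if "(file missing)" in m.group("path"):
                findings.append(("service-binary-missing", line))
            continue
        if AUTORUN_RE.match(line):
            findings.append(("mountpoints2-autorun", line))
            continue
        if PROCESS_RE.match(line):
            d = _dirname(line)
            # Executables directly in %windir% or under a Desktop/Temp folder.
            if d.endswith("\\windows") or "\\desktop" in d or "\\temp" in d:
                findings.append(("process-unusual-location", line))
    # Two BHOs under one display name but different CLSIDs is a classic sign
    # of a dropped component registering itself more than once.
    for lines in bho_by_name.values():
        if len(lines) > 1:
            findings.extend(("bho-duplicate-name", l) for l in lines)
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'hosts-override': 1, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run it against a full HijackThis or ComboFix log to get a short review list instead of reading 500 lines by hand; the location and random-name rules will also catch legitimate oddities (Realtek's RTHDCPL.EXE lives in the Windows root, for instance), which is why the output is a list to check, not a list to delete.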
Posted: 16 Jan 2009 15:51
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy the following text:
File::
c:\windows\AhnRpta.exe
c:\windows\system32\oukdfgr.exe
c:\windows\system32\hyrteas0.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2519b0cc-e279-11dd-ac78-0016174fd288}]
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
Posted: 16 Jan 2009 21:12
- Joined: 25 Oct 2006
- Posts: 276
What do you mean I'm not using one? I have ZoneAlarm Internet Security 2009 but I turned it off before running ComboFix. I've only just set up the system on the computer and installed ZA. Can you recommend some other antivirus or whatever? Is ZA OK?
ComboFix 09-01-15.01 - dzona 2009-01-16 21:01:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.346 [GMT 1:00]
Running from: c:\documents and settings\dzona\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dzona\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\AhnRpta.exe
c:\windows\system32\hyrteas0.dll
c:\windows\system32\oukdfgr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AhnRpta.exe
c:\windows\system32\hyrteas0.dll
c:\windows\system32\oukdfgr.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 14:26 . 2009-01-16 20:49 <DIR> d-------- c:\documents and settings\dzona\Application Data\uTorrent
2009-01-16 01:09 . 2009-01-16 01:09 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 00:25 . 2009-01-16 00:25 288 --a------ c:\windows\ODBC.INI
2009-01-16 00:25 . 2009-01-16 00:25 126 --a------ c:\windows\mdm.ini
2009-01-16 00:23 . 2009-01-16 00:23 <DIR> d-------- c:\program files\Web Publish
2009-01-15 22:01 . 2009-01-16 20:55 959 --a------ C:\rollback.ini
2009-01-15 21:16 . 2009-01-15 21:16 38,805 --a------ c:\windows\FontData.fdb
2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-15 19:31 . 2008-08-10 21:42 72,592 --a------ c:\windows\zllsputility.exe
2009-01-15 19:31 . 2009-01-16 00:51 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-15 19:30 . 2009-01-16 14:47 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-15 19:30 . 2009-01-15 19:30 <DIR> d-------- c:\program files\Zone Labs
2009-01-15 19:30 . 2008-08-10 21:42 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-15 19:30 . 2009-01-16 14:12 349,222 --a------ c:\windows\system32\vsconfig.xml
2009-01-15 19:29 . 2009-01-16 20:56 <DIR> d-------- c:\windows\Internet Logs
2009-01-15 17:53 . 2009-01-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-15 17:34 . 2009-01-15 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-15 16:13 . 2009-01-15 16:14 69,240 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-15 15:40 . 2009-01-15 15:40 <DIR> d-------- C:\totalcmd
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\UC.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\RAR.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\LHA.PIF
2009-01-15 15:40 . 2007-01-01 06:56 545 --a------ c:\windows\ARJ.PIF
2009-01-15 15:40 . 2009-01-16 01:09 300 --a------ c:\windows\wincmd.ini
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-15 03:12 . 2009-01-15 03:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-15 03:07 . 2009-01-15 03:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-15 03:06 . 2009-01-15 03:15 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-15 02:47 . 2009-01-15 02:50 <DIR> d-------- c:\program files\eMule
2009-01-15 02:11 . 2009-01-15 02:39 <DIR> d-------- c:\program files\MySQL-Front
2009-01-15 02:11 . 2009-01-15 02:13 <DIR> d-------- c:\documents and settings\dzona\Application Data\MySQL-Front
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\program files\MySQL
2009-01-15 01:46 . 2009-01-15 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\MySQL
2009-01-15 01:41 . 2009-01-15 01:41 <DIR> d-------- c:\program files\MSECache
2009-01-15 01:40 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\MSBuild
2009-01-15 01:38 . 2009-01-15 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-01-15 01:33 . 2009-01-15 01:37 <DIR> d-------- c:\windows\SHELLNEW
2009-01-15 01:32 . 2009-01-15 01:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 01:31 . 2009-01-15 01:31 <DIR> dr-h----- C:\MSOCache
2009-01-15 01:14 . 2009-01-15 12:57 <DIR> d-------- c:\documents and settings\dzona\Contacts
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-15 01:13 . 2009-01-15 01:13 <DIR> d-------- c:\program files\MSN Messenger
2009-01-15 01:06 . 2009-01-15 01:06 <DIR> d-------- c:\program files\Babylon
2009-01-15 01:06 . 2009-01-16 01:20 <DIR> d-------- c:\documents and settings\dzona\Application Data\Babylon
2009-01-15 01:06 . 2009-01-16 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-01-15 01:05 . 2009-01-15 01:05 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-15 00:16 . 2009-01-15 00:16 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-14 22:23 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-14 22:20 . 2009-01-14 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\dzona\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-14 21:46 . 2009-01-14 21:46 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-14 21:46 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2009-01-14 21:45 . 2009-01-14 21:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-14 21:45 . 2009-01-14 21:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-14 21:43 . 2009-01-15 21:10 56 -r-hs---- c:\windows\system32\326CC3F28F.sys
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Corel
2009-01-14 21:40 . 2009-01-14 21:40 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-14 21:31 . 2009-01-14 21:31 <DIR> d-------- c:\documents and settings\dzona\Application Data\Corel
2009-01-14 21:31 . 2009-01-15 21:11 3,350 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-14 21:30 . 2009-01-14 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 21:28 . 2008-04-14 04:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-14 21:21 . 2009-01-14 21:21 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\program files\Google
2009-01-14 15:56 . 2009-01-14 15:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-14 13:21 . 2009-01-14 13:21 <DIR> d-------- c:\windows\system32\Lang
2009-01-14 13:21 . 2009-01-14 13:21 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-14 13:21 . 2009-01-14 13:21 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-14 13:15 . 2009-01-14 13:15 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-14 13:08 . 2009-01-14 13:08 <DIR> d-------- c:\program files\Webteh
2009-01-14 12:52 . 2009-01-15 00:15 <DIR> d-------- c:\documents and settings\dzona\Tracing
2009-01-14 12:47 . 2009-01-14 12:47 <DIR> d-------- c:\documents and settings\dzona\Application Data\Star-Tools
2009-01-14 12:42 . 2009-01-14 12:43 <DIR> d-------- C:\xampp
2009-01-14 07:25 . 2009-01-16 03:45 <DIR> d-------- c:\program files\FreeRapid-0.71
2009-01-14 07:25 . 2009-01-14 07:25 <DIR> d-------- c:\documents and settings\dzona\Application Data\VitySoft
2009-01-14 07:18 . 2009-01-14 07:18 <DIR> d-------- c:\program files\Winamp
2009-01-14 07:18 . 2009-01-14 13:15 <DIR> d-------- c:\documents and settings\dzona\Application Data\Winamp
2009-01-14 07:11 . 2009-01-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 07:10 . 2008-02-21 23:03 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 07:09 . 2009-01-14 07:10 <DIR> d-------- c:\program files\Java
2009-01-14 07:09 . 2009-01-14 07:09 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 07:05 . 2009-01-14 07:05 0 --a------ c:\windows\nsreg.dat
2009-01-14 06:58 . 2009-01-14 06:58 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-14 06:58 . 2006-03-16 06:24 4,249,088 -r------- c:\windows\system32\drivers\RtkHDAud.Sys
2009-01-14 06:58 . 2006-03-09 10:45 364,544 -r------- c:\windows\RtlUpd.exe
2009-01-14 06:58 . 2005-10-31 11:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-01-14 06:58 . 2006-02-20 10:00 86,016 -r------- c:\windows\SoundMan.exe
2009-01-14 06:58 . 2005-07-15 09:48 40,960 -r------- c:\windows\system32\ChCfg.exe
2009-01-14 06:57 . 2009-01-14 06:57 <DIR> d-------- c:\program files\Realtek
2009-01-14 06:57 . 2006-03-14 10:01 16,010,752 -r------- c:\windows\RTHDCPL.exe
2009-01-14 06:57 . 2006-03-14 08:49 9,711,104 -r------- c:\windows\RTLCPL.exe
2009-01-14 06:57 . 2006-03-14 08:45 2,809,344 -r------- c:\windows\alcwzrd.exe
2009-01-14 06:57 . 2006-03-10 12:32 2,158,592 -r------- c:\windows\MicCal.exe
2009-01-14 06:57 . 2005-04-16 15:20 487,424 -r------- c:\windows\RtlExUpd.dll
2009-01-14 06:57 . 2005-09-21 03:25 299,008 -r------- c:\windows\system32\ALSndMgr.Cpl
2009-01-14 06:57 . 2006-01-10 06:58 266,240 -r------- c:\windows\system32\RTSndMgr.Cpl
2009-01-14 06:57 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-01-14 06:56 . 2005-11-16 09:08 78,976 --a------ c:\windows\system32\drivers\Rtenicxp.sys
2009-01-14 06:52 . 2009-01-14 06:52 <DIR> d-------- c:\program files\IVT Corporation
2009-01-14 06:52 . 2008-04-14 00:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-01-14 06:49 . 2009-01-14 06:49 <DIR> d-------- c:\windows\Options
2009-01-14 06:49 . 2005-09-26 05:21 1,145,728 -ra------ c:\windows\system32\drivers\AGRSM.sys
2009-01-14 06:49 . 2005-09-09 04:20 88,203 -ra------ c:\windows\AGRSMMSG.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 --------- c:\windows\system32\agrsmdel.exe
2009-01-14 06:49 . 2005-05-02 05:10 68,096 -ra------ c:\windows\agrsmdel.exe
2009-01-14 00:10 . 2009-01-14 00:10 4,444 --a------ c:\windows\system32\pid.PNF
2009-01-14 00:09 . 2001-08-17 18:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-14 00:08 . 2008-04-14 10:42 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-14 00:08 . 2008-04-14 05:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-14 00:08 . 2008-04-14 05:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2009-01-14 00:08 . 2008-04-14 05:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-14 00:08 . 2008-04-14 05:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-14 00:08 . 2001-08-17 18:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-14 00:06 . 2009-01-15 03:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-14 00:05 . 2009-01-16 14:09 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-14 00:05 . 2009-01-15 17:08 <DIR> d-------- c:\windows\system32\CatRoot
2009-01-14 00:05 . 2009-01-16 14:10 <DIR> d--h----- c:\documents and settings\Default User
2009-01-14 00:05 . 2009-01-13 23:17 <DIR> d-------- c:\documents and settings\All Users
2009-01-14 00:05 . 2009-01-13 23:24 <DIR> d-------- C:\Documents and Settings
2009-01-14 00:05 . 2008-04-14 09:00 1,296,669 -ra------ c:\windows\SET3.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 22:31 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-13 22:31 --------- d-----w c:\program files\RALINK
2009-01-13 22:30 --------- d-----w c:\program files\ATI Technologies
2009-01-13 22:27 --------- d-----w c:\program files\AMD
2009-01-13 22:19 --------- d-----w c:\program files\microsoft frontpage
2009-01-13 22:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-16_14.09.33,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-16 13:05:48 284,316 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-01-16 20:00:56 284,316 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2009-01-15 21:03:17 10,753,182 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2009-01-16 13:47:13 10,773,339 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-10 981904]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-11-21 03:11 3289088 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Documents and Settings\\dzona\\My Documents\\DesktopToolbar\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-10 24636]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\dzona\Application Data\Mozilla\Firefox\Profiles\1gk3djcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ba
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 21:02:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-16 21:03:37
ComboFix-quarantined-files.txt 2009-01-16 20:03:35
Pre-Run: 24.830.775.296 bytes free
Post-Run: 24,818,577,408 bytes free
269
Posted: 17 Jan 2009 10:54
- Joined: 25 Oct 2006
- Posts: 276
I uploaded the file last night. And now, when I turned the computer on, it again took 10 minutes to start. :/
Posted: 18 Jan 2009 11:08
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
The log is clean.
Do this as well:
Click START and then RUN
In the text box type Combofix /u and click OK
Wait for the uninstall process to finish
The above procedure will:
Delete the following:
- ComboFix and its files and folders
- the VundoFix Backups folder, if it exists
- the C:\Deckard folder, if it exists
- the C:\OtMoveIt folder, if it exists
Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
As for why it is slow, I don't know. If it makes you feel any better, my computer in Belgrade doesn't start up any faster than yours.
We have deleted that trojan.
Posted: 18 Jan 2009 15:35
- Joined: 25 Oct 2006
- Posts: 276
It says there is no Combo ...
But I don't understand it: I boot the system and then it starts up 10 times slower ... :/
Thanks for the help.