Posted: 09 Apr 2011 14:49
- Joined: 15 Mar 2009
- Posts: 60
When I run GMER, the computer restarts!!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sibin at 14:32:46.22 on Sat 04/09/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.482 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\My Documents\Downloads\dds.pif
.
============== Pseudo HJT Report ===============
.
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sibin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sibin\applic~1\mozilla\firefox\profiles\zzwyzk2e.default\
FF - plugin: c:\documents and settings\sibin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\sibin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
.
=============== Created Last 30 ================
.
2011-04-09 12:32:41 -------- d--h--w- c:\windows\PIF
2011-04-08 21:42:21 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Adobe
2011-04-07 13:55:20 -------- d-----w- c:\program files\ESET
2011-04-07 10:12:13 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-07 10:12:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-07 10:12:10 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-04-07 10:12:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-06 09:15:23 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Identities
2011-04-05 13:46:05 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-04-04 16:24:30 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Yahoo
2011-04-04 16:06:12 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Yahoo!
2011-04-04 16:02:01 -------- d-----w- c:\program files\Yahoo!
2011-04-04 13:33:24 -------- d-----w- c:\program files\Garena
2011-04-04 13:03:01 -------- d-----w- c:\program files\uTorrent
2011-04-04 13:02:31 -------- d-----w- c:\docume~1\sibin\applic~1\uTorrent
2011-04-04 12:52:12 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-04 12:52:12 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-04 12:46:52 -------- d-----w- c:\program files\directx
2011-04-04 10:32:50 -------- d-----w- c:\docume~1\sibin\applic~1\Malwarebytes
2011-04-04 10:32:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 10:32:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-04 10:32:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 10:32:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 22:27:57 48128 ----a-w- c:\windows\system32\Remove.exe
2011-04-03 22:27:55 129024 ----a-w- c:\windows\system32\SP7302.AX
2011-04-03 22:27:55 -------- d-----w- c:\program files\ANC
2011-04-03 22:27:54 14336 ----a-w- c:\windows\system32\P7302USD.dll
2011-04-03 22:27:54 -------- d-----w- c:\program files\common files\PAC7302
2011-04-03 22:27:43 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-03 19:34:41 -------- d-----w- c:\documents and settings\sibin\Tracing
2011-04-03 19:33:43 -------- d-----w- c:\program files\Microsoft
2011-04-03 19:33:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-04-03 19:32:44 4927864 ----a-w- c:\program files\common files\windows live\.cache\e78dfd301cbf235\Silverlight.2.0.exe
2011-04-03 19:27:38 -------- d-----w- c:\program files\common files\Windows Live
2011-04-03 19:21:33 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-04-03 19:21:33 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-04-03 19:20:38 -------- d-----r- c:\program files\Skype
2011-04-03 18:47:02 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Temp
2011-04-03 18:46:59 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Google
2011-04-03 18:46:45 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Deployment
2011-04-03 18:40:32 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-04-03 18:40:32 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-04-03 18:40:32 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-03 18:40:32 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-04-03 18:40:32 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-04-03 18:40:32 28672 ----a-w- c:\windows\system32\vidcap.ax
.
==================== Find3M ====================
.
2011-03-31 16:29:35 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-13 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
.
============= FINISH: 14:33:28.74 ===============
Posted: 12 Apr 2011 13:54
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
As I said, open the Instructions again and follow Step 3 in detail.
If you cannot run GMER (it is clearly stated there), post a RootRepeal log.
goran9888 (AMF Team)
Posted: 12 Apr 2011 14:12
- Joined: 15 Mar 2009
- Posts: 60
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sibin at 14:00:06.78 on Tue 04/12/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.548 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\sibin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sibin\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sibin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sibin\applic~1\mozilla\firefox\profiles\zzwyzk2e.default\
FF - plugin: c:\documents and settings\sibin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sibin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sibin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\sibin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
.
=============== Created Last 30 ================
.
2011-04-12 10:19:29 -------- d-----w- c:\windows\system32\appmgmt
2011-04-09 21:08:59 -------- d-----w- c:\program files\CCleaner
2011-04-09 12:32:41 -------- d--h--w- c:\windows\PIF
2011-04-08 21:42:21 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Adobe
2011-04-07 13:55:20 -------- d-----w- c:\program files\ESET
2011-04-07 10:12:13 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-07 10:12:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-07 10:12:10 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-04-07 10:12:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-06 09:15:23 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Identities
2011-04-05 13:46:05 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-04-04 16:24:30 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Yahoo
2011-04-04 16:02:01 -------- d-----w- c:\program files\Yahoo!
2011-04-04 13:33:24 -------- d-----w- c:\program files\Garena
2011-04-04 13:03:01 -------- d-----w- c:\program files\uTorrent
2011-04-04 13:02:31 -------- d-----w- c:\docume~1\sibin\applic~1\uTorrent
2011-04-04 12:52:12 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-04 12:52:12 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-04 12:46:52 -------- d-----w- c:\program files\directx
2011-04-04 10:32:50 -------- d-----w- c:\docume~1\sibin\applic~1\Malwarebytes
2011-04-04 10:32:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 10:32:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-04 10:32:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 10:32:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 22:27:57 48128 ----a-w- c:\windows\system32\Remove.exe
2011-04-03 22:27:55 129024 ----a-w- c:\windows\system32\SP7302.AX
2011-04-03 22:27:55 -------- d-----w- c:\program files\ANC
2011-04-03 22:27:54 14336 ----a-w- c:\windows\system32\P7302USD.dll
2011-04-03 22:27:54 -------- d-----w- c:\program files\common files\PAC7302
2011-04-03 22:27:43 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-03 19:34:41 -------- d-----w- c:\documents and settings\sibin\Tracing
2011-04-03 19:33:43 -------- d-----w- c:\program files\Microsoft
2011-04-03 19:33:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-04-03 19:32:44 4927864 ----a-w- c:\program files\common files\windows live\.cache\e78dfd301cbf235\Silverlight.2.0.exe
2011-04-03 19:27:38 -------- d-----w- c:\program files\common files\Windows Live
2011-04-03 19:21:33 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-04-03 19:21:33 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-04-03 19:20:38 -------- d-----r- c:\program files\Skype
2011-04-03 18:47:02 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Temp
2011-04-03 18:46:59 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Google
2011-04-03 18:46:45 -------- d-----w- c:\docume~1\sibin\locals~1\applic~1\Deployment
2011-04-03 18:40:32 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-04-03 18:40:32 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-04-03 18:40:32 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-03 18:40:32 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-04-03 18:40:32 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-04-03 18:40:32 28672 ----a-w- c:\windows\system32\vidcap.ax
.
==================== Find3M ====================
.
2011-03-31 16:29:35 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-13 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
.
============= FINISH: 14:00:51.54 ===============