MyCity » Ambulanta -> Arhiva Ambulante » Provera log-a...komp usporen !

Provera log-a...komp usporen !

Napisano na dan: 21.12.2008

Strana:
1
2

Provera log-a...komp usporen !

Sledeća strana

Pagination

Odgovori

Strana:
1
2

andrej007 Poslao: 21 Dec 2008 23:58 Idi na vrh
offline andrej007 Građanin Pridružio: 13 Jan 2008 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50, on 2008-12-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe D:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe C:\WINDOWS\system32\sabhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Winamp\Winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ivan\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe, O1 - Hosts: 68.142.123.254 happysex.ch O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [Anti Mosquito] E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe O4 - HKLM\..\Run: [DAEMON Tools] "d:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Audio Sound Blaster System] sabhost.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunServices: [Audio Sound Blaster System] sabhost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7081 bytes

Profil

diarno Poslao: 22 Dec 2008 00:24 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Uradi sledece : Skinuti SDFix na Desktop. Dupli klik na SDFix.exe ce raspakovati program u folder C:\SDFix, osim ukoliko putanja nije drugacije odredjena pri raspakivanju. Restartovati kompjuter u Safe Mode Uci u folder u kojem je raspakovan SDFix i startovati RunThis.bat Stisnuti Y da bi se zapocelo skeniranje Nakon skeniranja ce se pojaviti poruka da ce kompjuter biti restartovan Pritisnuti bilo koji taster da bi se kompjuter restartovao Nakon restarta ce se automatski pokrenuti jos jedno skeniranje, i po njegovom zavrsetku ce se pojaviti poruka Finished Nakon ucitavanja desktop ikonica, na ekranu ce se pojaviti izvestaj. Izvestaj ce ujedno biti snimljen i kao Report.txt u folderu u kojem je SDFix raspakovan Iskopirati izvestaj u poruku na forumu, i postaviti i nov log programa HijackThis

Profil

andrej007 Poslao: 22 Dec 2008 00:49 Idi na vrh
offline andrej007 Građanin Pridružio: 13 Jan 2008 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! SDFix: Version 1.240 Run by Administrator on Sun 12/21/2008 at 12:34 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted C:\WINDOWS\fxstaller.exe - Deleted C:\WINDOWS\system32\twain_32\local.ds - Deleted C:\WINDOWS\system32\twain_32\user.ds - Deleted C:\WINDOWS\system32\twain_32\user.ds.cla - Deleted C:\WINDOWS\system32\twext.exe - Deleted Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed Folder C:\WINDOWS\system32\twain_32 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-21 00:37:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bb,ca,6d,a0,39,ef,6e,5e,93,55,97,55,c8,fe,32,2a,df,6d,28,08,f0,.. "p0"="d:\Documents and Settings\Ivan\My Documents\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,af,45,a9,2e,04,32,f4,5d,d3,55,48,ca,51,f4,59,e5,31,.. "khjeh"=hex:27,47,a8,3e,e5,fb,7f,41,d8,57,ca,fb,fe,68,98,50,f2,61,23,fe,ba,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:35,98,3b,ec,32,d8,24,ca,fe,6a,6a,6f,36,13,b2,ac,f5,cd,d6,a9,5d,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv7000] "ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV7000.SYS" "Group"="SCSI Miniport" "ImagePath"=str(2):"system32\DRIVERS\vdrv7000.sys" "ErrorControl"=dword:00000001 "Start"=dword:00000001 "Type"=dword:00000001 "Tag"=dword:00000040 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum] "Count"=dword:00000000 "NextInstance"=dword:00000000 "INITSTARTFAILED"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv7000\security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bb,ca,6d,a0,39,ef,6e,5e,93,55,97,55,c8,fe,32,2a,df,6d,28,08,f0,.. "p0"="d:\Documents and Settings\Ivan\My Documents\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,af,45,a9,2e,04,32,f4,5d,d3,55,48,ca,51,f4,59,e5,31,.. "khjeh"=hex:27,47,a8,3e,e5,fb,7f,41,d8,57,ca,fb,fe,68,98,50,f2,61,23,fe,ba,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:35,98,3b,ec,32,d8,24,ca,fe,6a,6a,6f,36,13,b2,ac,f5,cd,d6,a9,5d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv7000] "ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV7000.SYS" "Group"="SCSI Miniport" "ImagePath"=str(2):"system32\DRIVERS\vdrv7000.sys" "ErrorControl"=dword:00000001 "Start"=dword:00000001 "Type"=dword:00000001 "Tag"=dword:00000040 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv7000\Enum] "Count"=dword:00000000 "NextInstance"=dword:00000000 "INITSTARTFAILED"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv7000\parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv7000\security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Professional §©®ÎÞt v.3 Black\\mirc.exe"="C:\\Program Files\\Professional §©®ÎÞt v.3 Black\\mirc.exe::Enabled:mIRC" "C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe::Enabled:Half-Life Launcher" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe::Enabled:BlueSoleil" "C:\\Program Files\\Valve\\hlds.exe"="C:\\Program Files\\Valve\\hlds.exe::Enabled:HLDS Launcher" "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe::Disabled:Opera Internet Browser" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe::Enabled:Remote Assistance - Windows Messenger and Voice" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe::Disabled:Firefox" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe::Enabled:Half-Life Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 5 Sep 2000 532,480 A..H. --- "C:\(film-za-odrasle)-ic\(film-za-odrasle)-java\autorun.exe" Thu 18 Oct 2001 172,032 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\autorun.exe" Thu 18 Oct 2001 172,032 A..H. --- "C:\(film-za-odrasle)-ic\severina xxx\autorun.exe" Tue 5 Sep 2000 532,480 A..H. --- "C:\(film-za-odrasle)-ic\svrsavanje\autorun.exe" Wed 13 Jun 2007 933,888 ..SHR --- "C:\WINDOWS\system32\sabhost.exe" Sat 22 Dec 2001 579,236 A..H. --- "C:\(film-za-odrasle)-ic\(film-za-odrasle)-java\codec\Register_DivX.exe" Thu 16 Dec 1999 19,968 A..H. --- "C:\(film-za-odrasle)-ic\(film-za-odrasle)-java\codec\SetStereo.exe" Sun 25 Mar 2001 712,192 A..H. --- "C:\(film-za-odrasle)-ic\(film-za-odrasle)-java\player\MDVDP.exe" Wed 16 Jan 2002 579,236 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\DivX412Codec.exe" Sat 25 Jan 2003 3,400,544 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\DivXPro503.exe" Fri 17 Jan 2003 638,351 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\FFDShow.exe" Wed 26 Mar 2003 417,833 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\XviD.exe" Sat 19 May 2001 812,544 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\film\MDVDP.EXE" Wed 21 May 2003 282,995 A..H. --- "C:\(film-za-odrasle)-ic\severina xxx\codec\AC3 Filter_0_68b-Novi.exe" Mon 23 Jun 2003 683,076 A..H. --- "C:\(film-za-odrasle)-ic\severina xxx\codec\ffdshow 20030523.exe" Sat 3 Aug 2002 352,733 A..H. --- "C:\(film-za-odrasle)-ic\severina xxx\codec\XviD_01.08.2002.-1.exe" Wed 26 Feb 2003 776,192 A..H. --- "C:\(film-za-odrasle)-ic\severina xxx\film\Mv2Player.exe" Sat 22 Dec 2001 579,236 A..H. --- "C:\(film-za-odrasle)-ic\svrsavanje\codec\Register_DivX.exe" Thu 16 Dec 1999 19,968 A..H. --- "C:\(film-za-odrasle)-ic\svrsavanje\codec\SetStereo.exe" Sun 25 Mar 2001 712,192 A..H. --- "C:\(film-za-odrasle)-ic\svrsavanje\player\MDVDP.exe" Mon 21 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 13 Dec 2001 53,248 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\Ac3\ac3-install.exe" Sat 4 Aug 2001 213,650 A..H. --- "C:\(film-za-odrasle)-ic\PRIVATE\codec\antifreeze\setup.exe" Fri 16 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp" Tue 29 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT1.tmp" Mon 21 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\85d72ebd3332986fe72a8378dc1d1a21\BIT1.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:42, on 2008-12-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe D:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe C:\WINDOWS\system32\sabhost.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ivan\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [Anti Mosquito] E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe O4 - HKLM\..\Run: [DAEMON Tools] "d:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Audio Sound Blaster System] sabhost.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunServices: [Audio Sound Blaster System] sabhost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6720 bytes

Profil

diarno Poslao: 22 Dec 2008 13:04 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preimenuj program Hijackthis.exe u TR3.exe . I okAci novi Hijackthis log.

Profil

andrej007 Poslao: 22 Dec 2008 13:35 Idi na vrh
offline andrej007 Građanin Pridružio: 13 Jan 2008 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:27, on 2008-12-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe D:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe C:\WINDOWS\system32\sabhost.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\Ivan\Desktop\TR3.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.live.com/sphome.aspx R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [Anti Mosquito] E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe O4 - HKLM\..\Run: [DAEMON Tools] "d:\Documents and Settings\Ivan\My Documents\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Audio Sound Blaster System] sabhost.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\RunServices: [Audio Sound Blaster System] sabhost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7001 bytes

Profil

diarno Poslao: 22 Dec 2008 15:51 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

andrej007 Poslao: 23 Dec 2008 13:40 Idi na vrh
offline andrej007 Građanin Pridružio: 13 Jan 2008 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-21.04 - Ivan 2008-12-21 22:17:28.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.251 [GMT 1:00] Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\npf.sys c:\windows\system32\ekkoeaeb.ini c:\windows\system32\packet.dll c:\windows\system32\paso.el c:\windows\system32\tmp79.tmp c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 ))))))))))))))))))))))))))))))) . 2008-12-21 17:25 . 2008-12-21 17:25 <DIR> d-------- c:\documents and settings\Freeloader 2008-12-21 13:20 . 2008-12-21 21:29 <DIR> d-------- c:\documents and settings\Ivan\Tracing 2008-12-21 13:17 . 2008-12-21 13:17 <DIR> d-------- c:\program files\Windows Live SkyDrive 2008-12-21 13:17 . 2008-12-21 13:17 <DIR> d-------- c:\program files\Microsoft 2008-12-21 12:50 . 2008-12-21 12:50 <DIR> d-------- c:\program files\Common Files\Windows Live 2008-12-21 00:33 . 2008-12-21 00:33 <DIR> d-------- c:\windows\ERUNT 2008-12-21 00:32 . 2008-12-21 00:32 <DIR> d-------- c:\documents and settings\Administrator 2008-12-21 00:28 . 2008-12-21 00:39 <DIR> d-------- C:\SDFix 2008-12-20 16:26 . 2008-12-20 16:26 <DIR> d-------- c:\program files\SweetIM 2008-12-14 23:49 . 2008-12-14 23:49 0 --a------ c:\windows\ynh.dx 2008-12-04 14:13 . 2008-12-04 14:13 8,704 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll 2008-11-30 13:44 . 2008-12-05 15:59 <DIR> d-------- c:\program files\Valve 2008-11-26 19:08 . 2008-11-26 19:08 <DIR> d-------- c:\program files\Euro Truck Simulator 2008-11-26 19:07 . 2008-12-21 22:20 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-21 16:41 . 2008-11-21 16:41 268 --ah----- C:\sqmdata11.sqm 2008-11-21 16:41 . 2008-11-21 16:41 244 --ah----- C:\sqmnoopt11.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 21:20 88,704 ----a-w c:\windows\system32\packet.dll 2008-12-21 21:20 42,512 ----a-w c:\windows\system32\drivers\npf.sys 2008-12-21 21:20 240,240 ----a-w c:\windows\system32\wpcap.dll 2008-12-21 12:17 --------- d-----w c:\program files\Windows Live 2008-12-21 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-12-16 17:33 --------- d-----w c:\program files\Counter-Strike 1.6 2008-11-18 11:59 --------- d-----w c:\program files\Google 2008-11-18 11:57 --------- d-----w c:\program files\Windows Live Toolbar 2008-11-18 11:56 --------- d-----w c:\program files\QuickTime 2008-11-17 11:39 25,740 ----a-w c:\windows\system32\winsy.exe 2008-11-16 00:27 --------- d-----w c:\documents and settings\Ivan\Application Data\Xilisoft Corporation 2008-10-26 12:05 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 10:06 --------- d-----w c:\program files\D-Tools 2008-10-26 10:04 223,128 ----a-w c:\windows\system32\drivers\dtscsi.sys 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 23:55 --------- d-----w c:\program files\Mv2Player 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-26 17:40 330,209 ----a-w c:\windows\system32\install_flash_player.exe 2007-12-24 13:07 22,328 ----a-w c:\documents and settings\Ivan\Application Data\PnkBstrK.sys 2008-12-18 13:00 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-18 13:00 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-18 13:00 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-18 13:00 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-18 13:00 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-06-13 10:23 933,888 --sh--r c:\windows\system32\sabhost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-02-08 57344] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-28 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-12-31 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-04 4554752] "WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064] "Anti Mosquito"="e:\install\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe" [2001-12-19 258048] "DAEMON Tools"="d:\documents and settings\Ivan\My Documents\DAEMON Tools\daemon.exe" [2005-11-08 128920] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE] "Audio Sound Blaster System"="sabhost.exe" [2007-06-13 c:\windows\system32\sabhost.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Audio Sound Blaster System"="sabhost.exe" [2007-06-13 c:\windows\system32\sabhost.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-28 78416] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-28 20560] R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2007-11-29 59776] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2007-11-29 19456] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2007-11-29 9600] R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2007-11-30 30336] R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2007-11-29 9446] S1 vdrv7000;vdrv7000;c:\windows\system32\DRIVERS\vdrv7000.sys [] S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-12-21 42512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}] \Shell\AutoRun\command - F:\ASUSACPI.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . mStart Page = hxxp://home.sweetim.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\eineu9mh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://mail.nadlanu.com/uwc/auth FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-21 22:20:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Anti Mosquito = e:\install\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background? scanning hidden files ... c:\windows\system32\wpcap.dll 240240 bytes executable scan completed successfully hidden files: 1 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vdrv7000] "ImagePath"="system32\DRIVERS\vdrv7000.sys" . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\ATKKBService.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\WgaTray.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-12-21 22:22:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-21 21:22:17 Pre-Run: 30,626,484,224 bytes free Post-Run: 31,257,686,016 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 199 --- E O F --- 2008-11-12 02:02:19 Dopuna: 23 Dec 2008 13:40 milsim da sam ostao zaboravljen ....

Profil

diarno Poslao: 23 Dec 2008 14:57 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! IZvini, ja juce nisam imao vremena za forum. A danas cu ti se javiti posle 16h sa daljim instrukcijama. Moram da sacekam kolege da se konsultujem sa njima Dopuna: 23 Dec 2008 14:57 Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\winsy.exe c:\windows\system32\sabhost.exe c:\windows\system32\install_flash_player.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Audio Sound Blaster System"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Audio Sound Blaster System"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

andrej007 Poslao: 23 Dec 2008 17:57 Idi na vrh
offline andrej007 Građanin Pridružio: 13 Jan 2008 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! IzVini nisam bash mogao tacno oko 16 ali evo me ... ComboFix 08-12-21.04 - Ivan 2008-12-22 17:44:15.10 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.251 [GMT 1:00] Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ivan\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\system32\install_flash_player.exe c:\windows\system32\sabhost.exe c:\windows\system32\winsy.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\npf.sys c:\windows\system32\install_flash_player.exe c:\windows\system32\packet.dll c:\windows\system32\sabhost.exe c:\windows\system32\winsy.exe c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 ))))))))))))))))))))))))))))))) . 2008-12-21 13:20 . 2008-12-22 17:47 <DIR> d-------- c:\documents and settings\Ivan\Tracing 2008-12-21 13:17 . 2008-12-21 13:17 <DIR> d-------- c:\program files\Windows Live SkyDrive 2008-12-21 13:17 . 2008-12-21 13:17 <DIR> d-------- c:\program files\Microsoft 2008-12-21 12:50 . 2008-12-21 12:50 <DIR> d-------- c:\program files\Common Files\Windows Live 2008-12-21 00:33 . 2008-12-21 00:33 <DIR> d-------- c:\windows\ERUNT 2008-12-20 16:26 . 2008-12-20 16:26 <DIR> d-------- c:\program files\SweetIM 2008-12-14 23:49 . 2008-12-14 23:49 0 --a------ c:\windows\ynh.dx 2008-12-04 14:13 . 2008-12-04 14:13 8,704 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll 2008-11-26 19:08 . 2008-11-26 19:08 <DIR> d-------- c:\program files\Euro Truck Simulator 2008-11-26 19:07 . 2008-12-22 13:28 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-22 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-12-21 12:17 --------- d-----w c:\program files\Windows Live 2008-12-16 17:33 --------- d-----w c:\program files\Counter-Strike 1.6 2008-11-18 11:59 --------- d-----w c:\program files\Google 2008-11-18 11:57 --------- d-----w c:\program files\Windows Live Toolbar 2008-11-18 11:56 --------- d-----w c:\program files\QuickTime 2008-11-16 00:27 --------- d-----w c:\documents and settings\Ivan\Application Data\Xilisoft Corporation 2008-10-26 12:05 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-26 10:06 --------- d-----w c:\program files\D-Tools 2008-10-26 10:04 223,128 ----a-w c:\windows\system32\drivers\dtscsi.sys 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 23:55 --------- d-----w c:\program files\Mv2Player 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-12-24 13:07 22,328 ----a-w c:\documents and settings\Ivan\Application Data\PnkBstrK.sys 2008-12-18 13:00 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-18 13:00 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-18 13:00 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-18 13:00 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-18 13:00 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-02-08 57344] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-28 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-12-31 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-04 4554752] "WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064] "Anti Mosquito"="e:\install\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe" [2001-12-19 258048] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-28 78416] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-28 20560] R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2007-11-29 59776] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2007-11-29 19456] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2007-11-29 9600] R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2007-11-30 30336] R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2007-11-29 9446] S1 vdrv7000;vdrv7000;c:\windows\system32\DRIVERS\vdrv7000.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}] \Shell\AutoRun\command - F:\ASUSACPI.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . mStart Page = hxxp://home.sweetim.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\eineu9mh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://mail.nadlanu.com/uwc/auth FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-22 17:47:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Anti Mosquito = e:\install\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background? scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vdrv7000] "ImagePath"="system32\DRIVERS\vdrv7000.sys" . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\ATKKBService.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\WgaTray.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-12-22 17:49:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-22 16:49:01 Pre-Run: 34,573,692,928 bytes free Post-Run: 34,562,326,528 bytes free 176 --- E O F --- 2008-11-12 02:02:19

Profil

diarno Poslao: 23 Dec 2008 19:57 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera log-a...komp usporen !

Ko je trenutno na forumu

Ukupno su 850 korisnika na forumu :: 8 registrovanih, 1 sakriven i 841 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Dorcolac, DPera, DragoslavS, HrcAk47, Mi lao shu, novator, ozzy, yrraf

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by