MyCity » Ambulanta -> Arhiva Ambulante » Usporen komp.

Usporen komp.

Napisano na dan: 19.11.2009

Usporen komp.

Sledeća strana

Pagination

Odgovori

Duhamel Poslao: 19 Nov 2009 19:24 Idi na vrh
offline Duhamel Građanin Pridružio: 19 Nov 2009 Poruke: 31	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre par dan komp mi je znacajno usporio tako da ,,koci,, pri otvaranju fajlova a desi se i da skroz zablokira...... DDS (Ver_09-10-26.01) - NTFSx86 Run by PC_ at 17:55:04.68 on Thu 11/19/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 1:00] AV: ESET NOD32 antivirus system 2.70 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: COMODO Firewall Pro enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\PC_\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com/?o=14090&l=dis uSearch Page = uSearch Bar = uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N mPolicies-system: DisableCAD = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: c:\windows\system32\imon.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\pc_\applic~1\mozilla\firefox\profiles\3yvw3md4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 ============= SERVICES / DRIVERS =============== R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-8-19 15424] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-13 604488] SUnknown vqknvzt;vqknvzt; [x] =============== Created Last 30 ================ 2009-11-19 03:47:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2009-11-19 03:47:43 75264 ----a-w- c:\windows\system32\unacev2.dll 2009-11-19 03:47:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2009-11-19 03:47:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2009-11-19 03:47:43 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2009-11-19 03:47:11 0 d-----w- c:\program files\Trojan Remover 2009-11-19 03:47:11 0 d-----w- c:\docume~1\pc_\applic~1\Simply Super Software 2009-11-19 03:47:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software 2009-11-16 10:02:03 21124 ------w- c:\windows\hpomdl07.dat 2009-11-16 10:02:03 111966 ----a-w- c:\windows\hpoins07.dat 2009-11-14 06:49:06 0 d-----w- c:\program files\Conduit 2009-11-14 06:49:03 0 d-----w- c:\program files\XfireXO 2009-11-14 03:10:28 0 d-----w- c:\program files\TimeAdjuster 2009-11-14 02:56:45 0 d-----w- c:\program files\URUSoft 2009-11-11 09:22:32 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-11-11 09:22:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-11-09 05:25:38 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS ==================== Find3M ==================== 2009-10-13 18:54:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-13 18:54:12 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-08-19 13:07:24 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat 2009-08-19 13:07:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-08-19 13:07:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009081920090820\index.dat 2009-08-19 13:07:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 17:55:21.05 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

helen1 Poslao: 19 Nov 2009 19:35 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo i dobrodosao/la na forum. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Duhamel Poslao: 19 Nov 2009 20:53 Idi na vrh
offline Duhamel Građanin Pridružio: 19 Nov 2009 Poruke: 31	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-11-19.01 - PC_ 11/19/2009 20:39.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.680 [GMT 1:00] Running from: c:\documents and settings\PC_\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: COMODO Firewall Pro enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 ))))))))))))))))))))))))))))))) . 2009-11-19 04:08 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\PC_\Application Data\Simply Super Software\Trojan Remover\rwp1.exe 2009-11-19 03:47 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2009-11-19 03:47 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2009-11-19 03:47 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2009-11-19 03:47 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2009-11-19 03:47 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\program files\Trojan Remover 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\PC_\Application Data\Simply Super Software 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-11-16 10:02 . 2009-11-16 10:02 111966 ----a-w- c:\windows\hpoins07.dat 2009-11-16 10:02 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat 2009-11-16 10:01 . 2009-11-16 10:01 -------- d-----w- c:\documents and settings\PC_\Application Data\HP 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\Conduit 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\Conduit 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\XfireXO 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\XfireXO 2009-11-14 03:10 . 2009-11-18 22:38 -------- d-----w- c:\program files\TimeAdjuster 2009-11-14 02:56 . 2009-11-14 03:09 -------- d-----w- c:\program files\URUSoft 2009-11-11 09:22 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-11-11 09:22 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-11-09 05:25 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS 2009-10-29 04:03 . 2009-10-29 04:03 -------- d-----w- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-19 16:37 . 2009-08-19 13:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp 2009-10-24 07:42 . 2009-08-19 13:29 -------- d-----w- c:\program files\The KMPlayer 2009-10-13 18:54 . 2009-10-13 18:54 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-13 18:54 . 2009-10-13 18:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-10-13 18:54 . 2009-10-13 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\TuneUp Software 2009-10-13 18:54 . 2009-10-13 18:53 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-10-13 18:53 . 2009-10-13 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-10-13 18:53 . 2009-10-13 18:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-10-12 15:42 . 2009-10-13 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2009-10-11 18:58 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\vlc 2009-10-11 18:45 . 2009-10-11 18:43 -------- d-----w- c:\documents and settings\PC_\Application Data\MozillaControl 2009-10-11 18:43 . 2009-10-11 18:43 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12 2009-10-11 18:43 . 2009-10-11 18:23 -------- d-----w- c:\program files\Graboid 2009-10-11 18:28 . 2009-10-11 18:28 -------- d-----w- c:\program files\VideoLAN 2009-10-11 18:16 . 2009-10-11 18:03 -------- d-----w- c:\documents and settings\PC_\Application Data\uTorrent 2009-10-03 21:28 . 2009-10-03 21:28 -------- d-----w- c:\documents and settings\PC_\Application Data\Media Player Classic . ------- Sigcheck ------- [-] 2008-09-05 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-19 949376] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2005-01-01 149280] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-23 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7369:TCP"= 7369:TCP:ulajafn R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8/19/2009 2:30 PM 15424] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 7:31 PM 61424] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/13/2009 7:54 PM 604488] --- Other Services/Drivers In Memory --- NewlyCreated - PXTDAPOW Deregistered - pxtdapow HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp vqknvzt . Contents of the 'Scheduled Tasks' folder 2009-11-19 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?o=14090&l=dis IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\PC_\Application Data\Mozilla\Firefox\Profiles\3yvw3md4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-11-19 20:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(916) c:\windows\system32\imon.dll . Completion time: 2009-11-19 20:46 ComboFix-quarantined-files.txt 2009-11-19 19:46 Pre-Run: 2,947,706,880 bytes free Post-Run: 3,007,455,232 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 61E5D3409DCBDF94EAF26B6188B9CB26

Profil

helen1 Poslao: 20 Nov 2009 15:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7369:TCP"=- NetSvc:: vqknvzt` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Duhamel Poslao: 20 Nov 2009 20:04 Idi na vrh
offline Duhamel Građanin Pridružio: 19 Nov 2009 Poruke: 31	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-11-19.01 - PC_ 11/20/2009 8:38.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.569 [GMT 1:00] Running from: c:\documents and settings\PC_\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\PC_\Desktop\CFScript.txt AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: COMODO Firewall Pro enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 ))))))))))))))))))))))))))))))) . 2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\windows\system32\wbem\snmp 2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\windows\system32\xircom 2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\program files\microsoft frontpage 2009-11-19 22:09 . 2007-05-26 11:32 26288 ----a-w- c:\windows\system32\wbload.dll 2009-11-19 22:08 . 2007-05-26 11:34 42672 ------w- c:\windows\system32\wbsys.dll 2009-11-19 22:08 . 2009-11-19 22:08 -------- d-----w- c:\program files\Stardock 2009-11-19 04:08 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\PC_\Application Data\Simply Super Software\Trojan Remover\rwp1.exe 2009-11-19 03:47 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2009-11-19 03:47 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2009-11-19 03:47 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2009-11-19 03:47 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2009-11-19 03:47 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\program files\Trojan Remover 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\PC_\Application Data\Simply Super Software 2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-11-16 10:02 . 2009-11-16 10:02 111966 ----a-w- c:\windows\hpoins07.dat 2009-11-16 10:02 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat 2009-11-16 10:01 . 2009-11-16 10:01 -------- d-----w- c:\documents and settings\PC_\Application Data\HP 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\Conduit 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\Conduit 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\XfireXO 2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\XfireXO 2009-11-14 03:10 . 2009-11-18 22:38 -------- d-----w- c:\program files\TimeAdjuster 2009-11-14 02:56 . 2009-11-14 03:09 -------- d-----w- c:\program files\URUSoft 2009-11-11 09:22 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-11-11 09:22 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-11-09 05:25 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS 2009-10-29 04:03 . 2009-10-29 04:03 -------- d-----w- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-19 16:37 . 2009-08-19 13:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp 2009-10-24 07:42 . 2009-08-19 13:29 -------- d-----w- c:\program files\The KMPlayer 2009-10-13 18:54 . 2009-10-13 18:54 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-13 18:54 . 2009-10-13 18:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-10-13 18:54 . 2009-10-13 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\TuneUp Software 2009-10-13 18:54 . 2009-10-13 18:53 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-10-13 18:53 . 2009-10-13 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-10-13 18:53 . 2009-10-13 18:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-10-12 15:42 . 2009-10-13 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2009-10-11 18:58 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\vlc 2009-10-11 18:45 . 2009-10-11 18:43 -------- d-----w- c:\documents and settings\PC_\Application Data\MozillaControl 2009-10-11 18:43 . 2009-10-11 18:43 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12 2009-10-11 18:43 . 2009-10-11 18:23 -------- d-----w- c:\program files\Graboid 2009-10-11 18:28 . 2009-10-11 18:28 -------- d-----w- c:\program files\VideoLAN 2009-10-11 18:16 . 2009-10-11 18:03 -------- d-----w- c:\documents and settings\PC_\Application Data\uTorrent 2009-10-03 21:28 . 2009-10-03 21:28 -------- d-----w- c:\documents and settings\PC_\Application Data\Media Player Classic . ------- Sigcheck ------- [-] 2008-09-05 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-19_19.45.06 ))))))))))))))))))))))))))))))))))))))))) . + 2004-12-31 23:01 . 2004-12-31 23:01 16384 c:\windows\Temp\Perflib_Perfdata_688.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Vista Rainbar"="d:\my documents\download section!!!!!!!\themes\Rainmeter\Rainmeter.exe" [2006-01-21 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-19 949376] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2005-01-01 149280] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-23 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8/19/2009 2:30 PM 15424] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 7:31 PM 61424] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/13/2009 7:54 PM 604488] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2004-12-31 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?o=14090&l=dis IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\PC_\Application Data\Mozilla\Firefox\Profiles\3yvw3md4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-11-20 08:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(780) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(868-) c:\windows\system32\imon.dll - - - - - - - > 'explorer.exe'(2348-) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll . Completion time: 2009-11-20 08:45 ComboFix-quarantined-files.txt 2009-11-20 07:45 ComboFix2.txt 2009-11-19 19:46 Pre-Run: 3,144,224,768 bytes free Post-Run: 3,117,162,496 bytes free - - End Of File - - 8E8BBA3F85CFDAA424CF44CA8C84DD94

Profil

helen1 Poslao: 20 Nov 2009 20:07 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ima li kakvog poboljsanja?

Profil

Duhamel Poslao: 20 Nov 2009 20:54 Idi na vrh
offline Duhamel Građanin Pridružio: 19 Nov 2009 Poruke: 31	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 20 Nov 2009 20:53 Sada je bolje,ali ne kao pre.... Hvala u svakom slucaju Dopuna: 20 Nov 2009 20:54 Sada je bolje,ali ne kao pre.... Hvala u svakom slucaju Da li da izbrisem combofix?

Profil

helen1 Poslao: 20 Nov 2009 21:03 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Usporen komp.

Ko je trenutno na forumu

Ukupno su 1065 korisnika na forumu :: 38 registrovanih, 4 sakrivenih i 1023 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, armor, arsa, babaroga, bojcistv, Boris90, comi_pfc, darkangel, DeerHunter, Denaya, DonRumataEstorski, Dorcolac, dragoljub11987, ikan, ivan979, Mercury, milimoj, Milos1389, milos97, milutin134, moldway, Nemanja.M, nenad81, Panter, pein, perko91, procesor, raptorsi, S-lash, SlaKoj, Stoilkovic, Tas011, Vatreni Zmaj, VJ, zdrebac, zlaya011, zodiac94, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by