MyCity » Ambulanta -> Arhiva Ambulante » [bobby]komp mi se ne ponasa normalno

[bobby]komp mi se ne ponasa normalno

Napisano na dan: 26.6.2008

Strana:
1
2

[bobby]komp mi se ne ponasa normalno

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Clark Poslao: 26 Jun 2008 21:56 Idi na vrh
offline Clark Novi MyCity građanin Pridružio: 26 Jun 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 21:39:16, on 26.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\WINDOWS\system32\00THotkey.exe C:\Documents and Settings\M3\lsass.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\M3\Desktop\New Folder\TR3.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.net.rs:8080 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {98AE568E-97D9-4963-91F2-0E9EB8A7B2A8} - C:\WINDOWS\system32\qoMggdAq.dll O2 - BHO: (no name) - {D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2} - C:\WINDOWS\system32\opnnKcDt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\M3\lsass.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [BMe7fc2b52] Rundll32.exe "C:\WINDOWS\system32\vkueweao.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=www.google.com O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: opnnKcDt - C:\WINDOWS\SYSTEM32\opnnKcDt.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ADSL 512 net mi je sporiji nego na dial up-u. Izbacuje mi neke stranice sa antivirusnm programima. Pokusao sam skeniranje sa AV i Ad-aware, ali nije ocisceno. Svaka pomoc je dobrodosla. Hvala

Profil

bobby Poslao: 26 Jun 2008 22:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Clark Poslao: 26 Jun 2008 23:04 Idi na vrh
offline Clark Novi MyCity građanin Pridružio: 26 Jun 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-20.4 - M3 2008-06-26 22:38:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.565 [GMT 2:00] Running from: C:\Documents and Settings\M3\Desktop\New Folder\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\network monitor C:\Program Files\newdotnet C:\Program Files\newdotnet\readme.html C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\BMe7fc2b52.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\' C:\WINDOWS\Fonts\a.zip C:\WINDOWS\pskt.ini C:\WINDOWS\system32\artcxfcu.ini C:\WINDOWS\system32\hsprurvj.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nyyohlbp.ini C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\qAdggMoq.ini C:\WINDOWS\system32\qAdggMoq.ini2 ----- BITS: Possible infected sites ----- [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR ((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))) . 2008-06-26 22:51 . 2008-06-26 22:51 285,696 --a------ C:\WINDOWS\system32\ljJDtSjH.dll 2008-06-26 22:51 . 2008-06-26 22:51 347 --ahs---- C:\WINDOWS\system32\HjStDJjl.ini2 2008-06-26 22:51 . 2008-06-26 22:53 347 --ahs---- C:\WINDOWS\system32\HjStDJjl.ini 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\M3\Application Data\iolo 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo 2008-06-26 19:31 . 2007-03-09 01:02 75,512 --a------ C:\WINDOWS\zllsputility.exe 2008-06-26 19:25 . 2008-06-26 19:25 <DIR> d-------- C:\Program Files\Zone Labs 2008-06-26 15:59 . 2008-06-26 15:59 95,744 --a------ C:\WINDOWS\system32\vkueweao.dll 2008-06-25 20:26 . 2008-06-25 20:26 63,925 --a------ C:\WINDOWS\system32\{cb06620c-9c34-83db-e6f7-98b8e0e54e43}.dll-uninst.exe 2008-06-25 17:07 . 2008-06-25 17:08 <DIR> d-------- C:\Documents and Settings\Lalica\Application Data\LimeWire 2008-06-25 15:37 . 2008-06-25 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-25 15:37 . 2008-06-25 15:37 286,208 --a------ C:\WINDOWS\system32\qoMggdAq.dll 2008-06-25 15:36 . 2008-06-25 15:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-06-25 15:34 . 2008-06-26 17:14 <DIR> d--hs---- C:\WINDOWS\V2luWFBQcm9TUDI 2008-06-25 15:33 . 2008-06-26 13:53 <DIR> d-------- C:\WINDOWS\system32\vi 2008-06-25 15:33 . 2008-06-25 15:33 <DIR> d-------- C:\WINDOWS\system32\be 2008-06-25 15:33 . 2008-06-25 15:33 52,224 ---hs---- C:\Documents and Settings\M3\lsass.exe 2008-06-25 15:32 . 2008-06-26 13:53 <DIR> d-------- C:\WINDOWS\system32\modtrux18 2008-06-25 15:32 . 2008-06-25 15:33 <DIR> d----c--- C:\Temp\syschk3 2008-06-25 15:32 . 2008-06-26 22:38 <DIR> d----c--- C:\Temp 2008-06-25 15:32 . 2008-06-25 15:32 90,624 --a------ C:\WINDOWS\system32\opnnKcDt.dll 2008-06-25 01:07 . 2008-06-25 15:38 <DIR> d-------- C:\Program Files\LimeWire 2008-06-25 01:07 . 2008-06-26 22:38 <DIR> d-------- C:\Documents and Settings\M3\Application Data\LimeWire 2008-06-22 23:38 . 2008-06-26 19:46 <DIR> d-------- C:\Program Files\Avira 2008-06-22 23:38 . 2008-06-26 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-22 20:41 . 2008-06-22 20:41 <DIR> d-------- C:\Program Files\Opera 2008-06-22 18:10 . 2008-06-22 18:10 <DIR> d-------- C:\Program Files\uTorrent 2008-06-22 18:10 . 2008-06-23 06:06 <DIR> d-------- C:\Documents and Settings\M3\Application Data\uTorrent 2008-06-22 11:04 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-06-22 11:04 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-06-22 03:42 . 2008-06-22 23:49 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-16 17:25 . 2008-06-16 17:25 <DIR> d-------- C:\Program Files\2 Find MP3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-26 20:45 537,600 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-06-26 20:45 1,294,848 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-06-25 17:49 --------- d-----w C:\Program Files\Kaspersky Lab 2008-06-23 01:21 --------- d-----w C:\Program Files\eMule 2008-06-22 20:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-22 19:24 --------- d-----w C:\Program Files\Lavasoft 2008-06-22 19:24 --------- d-----w C:\Documents and Settings\M3\Application Data\Lavasoft 2008-05-17 21:32 --------- d-----w C:\Program Files\Master Converter 2008-05-08 23:58 --------- d-----w C:\Program Files\Winamp 2008-05-03 21:33 --------- d-----w C:\Program Files\Free Hide Folder 2008-05-01 16:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-05-01 15:42 --------- d-----w C:\Program Files\PowerArchiver 2008-04-29 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-29 13:58 --------- d-----w C:\Program Files\DVD-RAM 2008-04-28 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show 2008-04-28 17:56 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games 2008-04-27 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-26 01:26 --------- d-----w C:\Program Files\www.freewordexcelpassword.com 2008-04-26 01:05 --------- d-----w C:\Program Files\Doc1 2007-06-20 11:35 87,608 ----a-w C:\Documents and Settings\M3\Application Data\inst.exe 2007-06-20 11:35 47,360 ----a-w C:\Documents and Settings\M3\Application Data\pcouffin.sys . ------- Sigcheck ------- 2005-03-02 20:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 20:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DEA061C-064D-4FAF-AF4E-1B517A236921}] 2008-06-26 22:51 285696 --a------ C:\WINDOWS\system32\ljJDtSjH.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98AE568E-97D9-4963-91F2-0E9EB8A7B2A8}] 2008-06-25 15:37 286208 --a------ C:\WINDOWS\system32\qoMggdAq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}] 2008-06-25 15:32 90624 --a------ C:\WINDOWS\system32\opnnKcDt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-10 19:12 5419008] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 21:45 98304] "nwiz"="nwiz.exe" [2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2004-12-10 19:12 49152] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07 49152] "TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 18:48 331840] "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 10:36 253952] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "BMe7fc2b52"="C:\WINDOWS\system32\tujyxmtv.dll" [2008-06-26 22:54 95744] "e4cf18ce"="C:\WINDOWS\system32\kkhkttxo.dll" [2008-06-26 22:54 87040] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-04-29 15:58:41 155648] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}"= C:\WINDOWS\system32\opnnKcDt.dll [2008-06-25 15:32 90624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnKcDt] opnnKcDt.dll 2008-06-25 15:32 90624 C:\WINDOWS\system32\opnnKcDt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ljJDtSjH [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk] backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK] --a------ 2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey] --a------ 2004-08-11 10:36 253952 C:\WINDOWS\system32\00THotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-07-26 19:14 1867776 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2004-12-10 19:12 5419008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-05-07 21:45 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe] --a------ 2002-09-09 15:07 49152 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "CiSvc"=3 (0x3) "mnmsrvc"=3 (0x3) "SysmonLog"=3 (0x3) "Schedule"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-11-20 19:46] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 12:58] R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-09-27 11:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cec7017-07c8-11dd-a9bd-b77ca24eb84f}] \Shell\Auto\command - Long.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe . Contents of the 'Scheduled Tasks' folder "2008-01-20 11:24:08 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-26 22:52:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\opnnKcDt.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\kkhkttxo.dll -> C:\WINDOWS\system32\tujyxmtv.dll -> C:\WINDOWS\system32\ljJDtSjH.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-26 22:58:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-26 20:57:02 Pre-Run: 4,651,384,832 bytes free Post-Run: 5,583,687,680 bytes free 256 --- E O F --- 2007-08-03 02:21:24

Profil

bobby Poslao: 26 Jun 2008 23:43 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\opnnKcDt.dll C:\WINDOWS\system32\kkhkttxo.dll C:\WINDOWS\system32\tujyxmtv.dll C:\WINDOWS\system32\ljJDtSjH.dll C:\WINDOWS\system32\qoMggdAq.dll C:\Documents and Settings\M3\lsass.exe C:\WINDOWS\system32\ljJDtSjH.dll C:\WINDOWS\system32\HjStDJjl.ini2 C:\WINDOWS\system32\HjStDJjl.ini C:\WINDOWS\system32\vkueweao.dll C:\WINDOWS\system32\qoMggdAq.dll Folder:: C:\Temp C:\WINDOWS\system32\modtrux18 C:\WINDOWS\V2luWFBQcm9TUDI C:\WINDOWS\system32\vi C:\WINDOWS\system32\be Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DEA061C-064D-4FAF-AF4E-1B517A236921}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98AE568E-97D9-4963-91F2-0E9EB8A7B2A8}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMe7fc2b52"=- "e4cf18ce"=- [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnKcDt] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Clark Poslao: 27 Jun 2008 03:22 Idi na vrh
offline Clark Novi MyCity građanin Pridružio: 26 Jun 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-20.4 - M3 2008-06-27 2:50:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.654 [GMT 2:00] Running from: C:\Documents and Settings\M3\Desktop\New Folder\ComboFix.exe Command switches used :: C:\Documents and Settings\M3\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\M3\lsass.exe C:\WINDOWS\system32\HjStDJjl.ini C:\WINDOWS\system32\HjStDJjl.ini2 C:\WINDOWS\system32\kkhkttxo.dll C:\WINDOWS\system32\ljJDtSjH.dll C:\WINDOWS\system32\opnnKcDt.dll C:\WINDOWS\system32\qoMggdAq.dll C:\WINDOWS\system32\tujyxmtv.dll C:\WINDOWS\system32\vkueweao.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\M3\lsass.exe C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\Ainda\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\Antologia\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\Existir\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\Lisboa (Ao Vivo)\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\O Espirito Da Paz\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\O Paraiso\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\O Porto Ao Vivo 1998 CD1\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\O Porto Ao Vivo 1998 CD2\Desktop_.ini C:\Documents and Settings\M3\My Documents\Muzika\Madredeus\Os Dias De Madredeus\Desktop_.ini C:\Temp C:\Temp\syschk3\tdirp5.log C:\WINDOWS\BMe7fc2b52.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\be C:\WINDOWS\system32\kkhkttxo.dll C:\WINDOWS\system32\modtrux18 C:\WINDOWS\system32\opnnKcDt.dll C:\WINDOWS\system32\oxttkhkk.ini C:\WINDOWS\system32\qAdggMoq.ini C:\WINDOWS\system32\qAdggMoq.ini2 C:\WINDOWS\system32\qoMggdAq.dll C:\WINDOWS\system32\tujyxmtv.dll C:\WINDOWS\system32\vi C:\WINDOWS\system32\vkueweao.dll C:\WINDOWS\V2luWFBQcm9TUDI . ((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))) . 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\M3\Application Data\iolo 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo 2008-06-26 19:31 . 2007-03-09 01:02 75,512 --a------ C:\WINDOWS\zllsputility.exe 2008-06-26 19:25 . 2008-06-26 19:25 <DIR> d-------- C:\Program Files\Zone Labs 2008-06-25 20:26 . 2008-06-25 20:26 63,925 --a------ C:\WINDOWS\system32\{cb06620c-9c34-83db-e6f7-98b8e0e54e43}.dll-uninst.exe 2008-06-25 17:07 . 2008-06-25 17:08 <DIR> d-------- C:\Documents and Settings\Lalica\Application Data\LimeWire 2008-06-25 15:37 . 2008-06-25 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-25 15:36 . 2008-06-25 15:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-06-25 01:07 . 2008-06-25 15:38 <DIR> d-------- C:\Program Files\LimeWire 2008-06-25 01:07 . 2008-06-27 02:00 <DIR> d-------- C:\Documents and Settings\M3\Application Data\LimeWire 2008-06-22 23:38 . 2008-06-26 19:46 <DIR> d-------- C:\Program Files\Avira 2008-06-22 23:38 . 2008-06-26 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-22 20:41 . 2008-06-22 20:41 <DIR> d-------- C:\Program Files\Opera 2008-06-22 18:10 . 2008-06-22 18:10 <DIR> d-------- C:\Program Files\uTorrent 2008-06-22 18:10 . 2008-06-23 06:06 <DIR> d-------- C:\Documents and Settings\M3\Application Data\uTorrent 2008-06-22 11:04 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-06-22 11:04 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-06-22 03:42 . 2008-06-22 23:49 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-16 17:25 . 2008-06-16 17:25 <DIR> d-------- C:\Program Files\2 Find MP3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-27 00:46 51,071 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_27_02_03_15_small.dmp.zip 2008-06-26 20:45 537,600 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-06-26 20:45 1,294,848 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-06-25 17:49 --------- d-----w C:\Program Files\Kaspersky Lab 2008-06-23 01:21 --------- d-----w C:\Program Files\eMule 2008-06-22 20:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-22 19:24 --------- d-----w C:\Program Files\Lavasoft 2008-06-22 19:24 --------- d-----w C:\Documents and Settings\M3\Application Data\Lavasoft 2008-05-17 21:32 --------- d-----w C:\Program Files\Master Converter 2008-05-08 23:58 --------- d-----w C:\Program Files\Winamp 2008-05-03 21:33 --------- d-----w C:\Program Files\Free Hide Folder 2008-05-01 16:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-05-01 15:42 --------- d-----w C:\Program Files\PowerArchiver 2008-04-29 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-29 13:58 --------- d-----w C:\Program Files\DVD-RAM 2008-04-28 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show 2008-04-28 17:56 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games 2008-04-27 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-06-20 11:35 87,608 ----a-w C:\Documents and Settings\M3\Application Data\inst.exe 2007-06-20 11:35 47,360 ----a-w C:\Documents and Settings\M3\Application Data\pcouffin.sys . ------- Sigcheck ------- 2005-03-02 20:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 20:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-26 20:46:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-27 01:06:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-10 19:12 5419008] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 21:45 98304] "nwiz"="nwiz.exe" [2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2004-12-10 19:12 49152] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07 49152] "TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 18:48 331840] "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 10:36 253952] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-04-29 15:58:41 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk] backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK] --a------ 2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey] --a------ 2004-08-11 10:36 253952 C:\WINDOWS\system32\00THotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-07-26 19:14 1867776 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2004-12-10 19:12 5419008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-05-07 21:45 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe] --a------ 2002-09-09 15:07 49152 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "CiSvc"=3 (0x3) "mnmsrvc"=3 (0x3) "SysmonLog"=3 (0x3) "Schedule"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-11-20 19:46] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 12:58] R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-09-27 11:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cec7017-07c8-11dd-a9bd-b77ca24eb84f}] \Shell\Auto\command - Long.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe . Contents of the 'Scheduled Tasks' folder "2008-01-20 11:24:08 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-27 03:09:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-27 3:14:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-27 01:13:15 ComboFix2.txt 2008-06-26 20:58:32 Pre-Run: 5,674,213,376 bytes free Post-Run: 5,665,959,936 bytes free 231 --- E O F --- 2007-08-03 02:21:24 @Bobby Ukoliko sam te dobro razumeo, izvoli

Profil

bobby Poslao: 27 Jun 2008 07:59 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Rekao bih da je to - to. Kako ti se sada ponasa komp? Jel radi kako treba?

Profil

Clark Poslao: 27 Jun 2008 14:20 Idi na vrh
offline Clark Novi MyCity građanin Pridružio: 26 Jun 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Celo pre podne nisam mogao da ucitam nijednu sranicu na netu. Sada sam ga restartovao i izgleda da radi potpuno normalno. Hvala ti na pomoci i trudu. Da li je bio zarazen necime? Skenirao sam sa Trial Kaspersky 2009, Avirom i antispy programima i nisu pomogli. Uvek su nalazili nesto, ali nikada sve. Hvala jos jednom

Profil

bobby Poslao: 27 Jun 2008 15:00 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skeniraj veceras ponovo Combofixom i postavi mi ovde novi log, da vidim da li sam uspeo sve da sredim. Sto se tice toga cime je tvoj komp sve zarazen... Pa ima od svega po malo, ali me nista ne cudi s obzirom koliko P2P programa koristis. Iskreno, uplasio sam se kada sam video onoliko P2P programa, posto znam mali milion crva koji se sire putem P2P mreza. U svakom slucaju, veceras obavezno postavi novi log. Treba nakon toga da odradimo jos jedan korak.

Profil

Clark Poslao: 27 Jun 2008 23:05 Idi na vrh
offline Clark Novi MyCity građanin Pridružio: 26 Jun 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-20.4 - M3 2008-06-27 22:36:03.3 - NTFSx86 Running from: C:\Documents and Settings\M3\Desktop\New Folder\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\M3\Application Data\inst.exe . ((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))) . 2008-06-27 19:07 . 2008-06-27 19:07 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-06-27 14:27 . 2008-06-27 22:41 380,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-27 14:27 . 2008-06-27 22:09 4,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-27 14:26 . 2008-06-27 14:26 <DIR> d-------- C:\Program Files\ZoneAlarmSB 2008-06-27 14:24 . 2008-06-27 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\M3\Application Data\iolo 2008-06-26 20:03 . 2008-06-26 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo 2008-06-26 19:31 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-06-26 19:25 . 2008-06-26 19:25 <DIR> d-------- C:\Program Files\Zone Labs 2008-06-25 20:26 . 2008-06-25 20:26 63,925 --a------ C:\WINDOWS\system32\{cb06620c-9c34-83db-e6f7-98b8e0e54e43}.dll-uninst.exe 2008-06-25 17:07 . 2008-06-25 17:08 <DIR> d-------- C:\Documents and Settings\Lalica\Application Data\LimeWire 2008-06-25 15:37 . 2008-06-25 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-25 15:36 . 2008-06-25 15:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-06-25 01:07 . 2008-06-25 15:38 <DIR> d-------- C:\Program Files\LimeWire 2008-06-25 01:07 . 2008-06-27 21:44 <DIR> d-------- C:\Documents and Settings\M3\Application Data\LimeWire 2008-06-22 23:38 . 2008-06-26 19:46 <DIR> d-------- C:\Program Files\Avira 2008-06-22 23:38 . 2008-06-27 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-22 20:41 . 2008-06-22 20:41 <DIR> d-------- C:\Program Files\Opera 2008-06-22 18:10 . 2008-06-22 18:10 <DIR> d-------- C:\Program Files\uTorrent 2008-06-22 18:10 . 2008-06-27 22:09 <DIR> d-------- C:\Documents and Settings\M3\Application Data\uTorrent 2008-06-22 11:04 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-06-22 11:04 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-06-22 03:42 . 2008-06-27 22:08 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-16 17:25 . 2008-06-27 22:22 <DIR> d-------- C:\Program Files\2 Find MP3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-27 19:56 2,745,856 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-06-27 19:56 1,363,968 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-06-27 17:07 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-06-27 00:46 51,071 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_27_02_03_15_small.dmp.zip 2008-06-26 20:45 537,600 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-06-26 20:45 1,294,848 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-06-25 17:49 --------- d-----w C:\Program Files\Kaspersky Lab 2008-06-23 01:21 --------- d-----w C:\Program Files\eMule 2008-06-22 20:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-22 19:24 --------- d-----w C:\Program Files\Lavasoft 2008-06-22 19:24 --------- d-----w C:\Documents and Settings\M3\Application Data\Lavasoft 2008-05-17 21:32 --------- d-----w C:\Program Files\Master Converter 2008-05-08 23:58 --------- d-----w C:\Program Files\Winamp 2008-05-03 21:33 --------- d-----w C:\Program Files\Free Hide Folder 2008-05-01 16:12 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-05-01 15:42 --------- d-----w C:\Program Files\PowerArchiver 2008-04-29 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-29 13:58 --------- d-----w C:\Program Files\DVD-RAM 2008-04-28 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show 2008-04-28 17:56 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games 2008-04-27 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-06-20 11:35 47,360 ----a-w C:\Documents and Settings\M3\Application Data\pcouffin.sys . ------- Sigcheck ------- 2005-03-02 20:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 20:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2008-06-27 19:07 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-06-27 19:07 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-26 20:46:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-27 20:10:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-12 16:44:11 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe + 2008-05-12 16:32:02 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr + 2008-05-12 16:33:19 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys + 2008-05-12 16:38:45 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys + 2008-05-12 16:38:25 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys + 2008-05-12 16:34:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys + 2008-05-12 16:36:18 77,904 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys + 2008-05-12 16:33:38 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys + 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys - 2008-04-02 19:07:40 83,432 ------w C:\WINDOWS\system32\vsdata.dll + 2008-03-13 21:10:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll - 2008-04-02 19:08:00 394,952 ------w C:\WINDOWS\system32\vsdatant.sys + 2008-03-13 21:11:18 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys - 2007-03-08 23:01:26 71,408 ----a-w C:\WINDOWS\system32\vsregexp.dll + 2008-03-13 21:10:54 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll - 2007-03-08 23:01:30 46,832 ----a-w C:\WINDOWS\system32\vswmi.dll + 2008-03-13 21:10:56 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll - 2008-06-26 17:33:50 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat + 2008-06-27 12:26:18 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat - 2007-03-08 23:01:10 362,280 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll + 2008-03-13 21:10:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll + 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat - 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll + 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll + 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat - 2006-12-19 17:13:50 61,565 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll + 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll - 2006-12-19 17:13:50 114,813 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll + 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll - 2006-12-19 17:13:50 307,323 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll + 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll - 2006-11-29 21:02:26 36,923 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll + 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll - 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll + 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll - 2007-01-11 16:31:04 274,514 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll + 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll - 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll + 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll + 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll + 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll - 2006-11-29 21:02:26 184,445 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll + 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll + 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll - 2006-12-19 17:13:52 94,313 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe + 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe - 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll + 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll - 2007-03-08 23:01:10 100,080 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll + 2008-03-13 21:10:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll - 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll + 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll - 2007-03-08 23:01:14 128,744 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll + 2008-03-13 21:10:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll - 2007-03-08 23:01:14 38,640 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll + 2008-03-13 21:10:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll - 2007-03-08 23:01:14 321,280 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll + 2008-03-13 21:10:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll - 2007-03-08 23:02:12 288,408 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll + 2008-03-13 21:11:20 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll - 2007-03-08 23:02:12 153,240 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll + 2008-06-27 12:56:15 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll - 2007-03-08 23:02:14 26,264 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll + 2008-03-13 21:11:20 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll - 2007-03-08 23:02:14 1,361,560 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll + 2008-03-13 21:11:22 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll - 2007-03-08 23:02:14 71,320 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll + 2008-03-13 21:11:22 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll - 2007-03-08 23:04:42 30,448 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll + 2008-03-13 21:12:38 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll - 2007-03-08 23:04:44 30,480 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2008-03-13 21:12:38 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll - 2007-01-18 04:39:16 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll + 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll - 2007-01-18 04:39:16 677,608 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll + 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll - 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat - 2007-01-18 04:39:18 1,369,832 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll + 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll - 2007-01-18 04:39:20 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys + 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys - 2007-03-08 23:04:44 210,696 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2008-03-13 21:12:38 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll - 2007-03-08 23:04:46 3,229,440 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll + 2008-03-13 21:12:40 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll - 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll + 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll - 2006-10-28 02:03:16 833,520 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll - 2007-03-08 23:01:58 141,104 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe + 2008-03-13 21:11:08 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe - 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll + 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll - 2007-03-08 23:01:58 75,568 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe + 2008-03-13 21:11:08 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe - 2007-03-08 23:01:28 243,440 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll + 2008-03-13 21:10:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll - 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat - 2007-03-08 23:01:32 79,608 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll + 2008-03-13 21:10:58 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll - 2007-03-08 23:01:34 378,608 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll + 2008-03-13 21:10:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll - 2007-03-08 23:01:34 120,560 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll + 2008-03-13 21:10:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll - 2007-03-08 23:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll + 2008-03-13 21:11:02 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll + 2008-06-27 20:11:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_764.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-10 19:12 5419008] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 21:45 98304] "nwiz"="nwiz.exe" [2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2004-12-10 19:12 49152] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07 49152] "TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 18:48 331840] "000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 10:36 253952] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-04-29 15:58:41 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk] backup=C:\WINDOWS\pss\Bluetooth Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK] --a------ 2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey] --a------ 2004-08-11 10:36 253952 C:\WINDOWS\system32\00THotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-07-26 19:14 1867776 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2004-12-10 19:12 5419008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-05-07 21:45 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe] --a------ 2002-09-09 15:07 49152 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 (0x2) "FastUserSwitchingCompatibility"=3 (0x3) "CiSvc"=3 (0x3) "mnmsrvc"=3 (0x3) "SysmonLog"=3 (0x3) "Schedule"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-11-20 19:46] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 12:58] R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-09-27 11:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cec7017-07c8-11dd-a9bd-b77ca24eb84f}] \Shell\Auto\command - Long.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe Newly Created Service - ASWUPDSV Newly Created Service - AVAST!_ANTIVIRUS Newly Created Service - AVAST!_MAIL_SCANNER Newly Created Service - AVAST!_WEB_SCANNER Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-01-20 11:24:08 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-27 22:40:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-06-27 22:45:51 ComboFix-quarantined-files.txt 2008-06-27 20:45:44 ComboFix2.txt 2008-06-27 01:14:24 ComboFix3.txt 2008-06-26 20:58:32 Pre-Run: 4,728,246,272 bytes free Post-Run: 4,708,184,064 bytes free 310 --- E O F --- 2007-08-03 02:21:24 Izvini, ali nisam mogao ranije. Antivirusni program mi je nesto bagovao, pa sam presao na avast. Od p2p koristim utorrent i limeware. Istina je da tu nikada ne zna covek sta skida, ali uvek skeniram pre nego sto bilo sta otvorim. Znam da to nije dovoljno ali...

Profil

bobby Poslao: 28 Jun 2008 00:26 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]komp mi se ne ponasa normalno

Ko je trenutno na forumu

Ukupno su 850 korisnika na forumu :: 17 registrovanih, 1 sakriven i 832 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: -[CoA]-, Andy, arsa, Avladi, Bookie90, del boy, dusanobr, kybonacci, Lj_ubo, LUDI, nemkea71, nenooo, pein, Romibrat, saputnik plavetnila, Tas011, trutcina

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by