MyCity » Ambulanta -> Arhiva Ambulante » kompjuter se sam restartuje

kompjuter se sam restartuje

Napisano na dan: 18.1.2009

Strana:
1
2

kompjuter se sam restartuje

Sledeća strana

Pagination

Odgovori

Strana:
1
2

scoles Poslao: 18 Jan 2009 14:33 Idi na vrh
offline scoles Novi MyCity građanin Pridružio: 08 Jan 2009 Poruke: 17 Gde živiš: sumadija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:21:49, on 18.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\atiptaxx.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\nMtsk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\Program Files\Di recnik\Di.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Documents and Settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Cole\Desktop\TR3.exe\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = starter.metacafe.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9595 bytes kompjuter se sam restartuje kako da odklonim to?

Profil

bobby Poslao: 18 Jan 2009 18:50 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

scoles Poslao: 19 Jan 2009 00:39 Idi na vrh
offline scoles Novi MyCity građanin Pridružio: 08 Jan 2009 Poruke: 17 Gde živiš: sumadija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-01-18.01 - Cole 2009-01-18 23:49:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.39 [GMT 1:00] Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\system32\AutoRun.inf c:\windows\system32\Config.ini d:\my documenats\My Music\My Music.url . ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 23:47 . 2009-01-18 23:47 388,608 --a------ c:\windows\system32\CF29563.exe 2009-01-15 22:52 . 2009-01-15 22:51 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-07 18:27 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys 2009-01-07 02:37 . 2009-01-07 02:39 <DIR> d-------- c:\program files\QuickTime 2009-01-07 02:37 . 2009-01-07 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-07 02:18 . 2009-01-07 02:36 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-06 00:19 . 2009-01-07 15:20 <DIR> d-------- c:\program files\Google 2009-01-02 13:06 . 2009-01-02 13:06 1,558 -rahs---- c:\windows\system32\autorun.i 2009-01-02 13:06 . 2009-01-02 13:06 1,079 -rahs---- c:\windows\system32\autorun.in 2009-01-02 13:06 . 2009-01-02 13:06 0 -rahs---- C:\khs 2009-01-02 11:50 . 2009-01-07 02:10 <DIR> d-------- c:\program files\NoteWorthy Composer 2008-12-24 00:20 . 2008-12-24 00:20 268 --ah----- C:\sqmdata13.sqm 2008-12-24 00:20 . 2008-12-24 00:20 244 --ah----- C:\sqmnoopt13.sqm 2008-12-23 02:05 . 2008-12-23 02:05 <DIR> d-------- c:\program files\Typograf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-18 22:36 --------- d-----w c:\program files\Common Files\Akamai 2009-01-15 21:51 --------- d-----w c:\program files\Java 2009-01-10 15:31 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-01-08 23:13 --------- d-----w c:\program files\CamStudio 2009-01-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY 2009-01-06 14:02 --------- d-----w c:\program files\Mv2Player 2008-12-28 14:41 --------- d-----w c:\documents and settings\Cole\Application Data\SAU KP 2008-12-17 21:08 --------- d-----w c:\program files\Apple Software Update 2008-12-17 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-15 00:18 --------- d-----w c:\documents and settings\Cole\Application Data\Sahmon Games 2008-12-15 00:15 --------- d-----w c:\program files\AskSearch 2008-12-15 00:14 --------- d-----w c:\program files\AskBarDis 2008-12-14 22:32 --------- d-----w c:\program files\Morton Benson 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-08-12 21:53 13,286 ----a-w c:\documents and settings\Cole\upjdl.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-23 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 335872] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "nMTaskBarService"="nMtsk.exe" [2005-05-06 c:\windows\nMtsk.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Cole\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2008-06-17 867062] R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-03 14336] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264] R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-06-14 62824] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8a34e2-832f-11dd-83e9-000c6eefd5af}] \Shell\AutoRun\command - J:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder 2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1958367476-682003330-1003.job - c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-23 21:09] 2009-01-10 c:\windows\Tasks\WebReg 20081006032036.job - c:\program files\Hewlett-Packard\webreg\bin\hpqwrg.exe [] . - - - - ORPHANS REMOVED - - - - HKLM-Run-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://starter.metacafe.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearch Bar = hxxp://www.google.com/ie mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q= FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFAlert.dll FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-18 23:52:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-01-18 23:55:32 ComboFix-quarantined-files.txt 2009-01-18 22:55:29 Pre-Run: 14,046,334,976 bytes free Post-Run: 14,035,251,200 bytes free 181 --- E O F --- 2009-01-14 12:12:16 Nadam se da sam dobro uradio, pozdrav Dopuna: 19 Jan 2009 0:39 bobby ::Skini ComboFix sa jedne od sledecih adresa na Desktop: download.bleepingcomputer.com/sUBs/ComboFix.exe forospyware.com/sUBs/ComboFix.exe subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati. ComboFix 09-01-18.01 - Cole 2009-01-18 23:49:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.39 [GMT 1:00] Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\system32\AutoRun.inf c:\windows\system32\Config.ini d:\my documenats\My Music\My Music.url . ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 23:47 . 2009-01-18 23:47 388,608 --a------ c:\windows\system32\CF29563.exe 2009-01-15 22:52 . 2009-01-15 22:51 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-07 18:27 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys 2009-01-07 02:37 . 2009-01-07 02:39 <DIR> d-------- c:\program files\QuickTime 2009-01-07 02:37 . 2009-01-07 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-07 02:18 . 2009-01-07 02:36 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-06 00:19 . 2009-01-07 15:20 <DIR> d-------- c:\program files\Google 2009-01-02 13:06 . 2009-01-02 13:06 1,558 -rahs---- c:\windows\system32\autorun.i 2009-01-02 13:06 . 2009-01-02 13:06 1,079 -rahs---- c:\windows\system32\autorun.in 2009-01-02 13:06 . 2009-01-02 13:06 0 -rahs---- C:\khs 2009-01-02 11:50 . 2009-01-07 02:10 <DIR> d-------- c:\program files\NoteWorthy Composer 2008-12-24 00:20 . 2008-12-24 00:20 268 --ah----- C:\sqmdata13.sqm 2008-12-24 00:20 . 2008-12-24 00:20 244 --ah----- C:\sqmnoopt13.sqm 2008-12-23 02:05 . 2008-12-23 02:05 <DIR> d-------- c:\program files\Typograf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-18 22:36 --------- d-----w c:\program files\Common Files\Akamai 2009-01-15 21:51 --------- d-----w c:\program files\Java 2009-01-10 15:31 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-01-08 23:13 --------- d-----w c:\program files\CamStudio 2009-01-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY 2009-01-06 14:02 --------- d-----w c:\program files\Mv2Player 2008-12-28 14:41 --------- d-----w c:\documents and settings\Cole\Application Data\SAU KP 2008-12-17 21:08 --------- d-----w c:\program files\Apple Software Update 2008-12-17 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-15 00:18 --------- d-----w c:\documents and settings\Cole\Application Data\Sahmon Games 2008-12-15 00:15 --------- d-----w c:\program files\AskSearch 2008-12-15 00:14 --------- d-----w c:\program files\AskBarDis 2008-12-14 22:32 --------- d-----w c:\program files\Morton Benson 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-08-12 21:53 13,286 ----a-w c:\documents and settings\Cole\upjdl.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-23 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 335872] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "nMTaskBarService"="nMtsk.exe" [2005-05-06 c:\windows\nMtsk.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Cole\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2008-06-17 867062] R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-03 14336] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264] R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-06-14 62824] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8a34e2-832f-11dd-83e9-000c6eefd5af}] \Shell\AutoRun\command - J:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder 2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1958367476-682003330-1003.job - c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-23 21:09] 2009-01-10 c:\windows\Tasks\WebReg 20081006032036.job - c:\program files\Hewlett-Packard\webreg\bin\hpqwrg.exe [] . - - - - ORPHANS REMOVED - - - - HKLM-Run-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://starter.metacafe.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearch Bar = hxxp://www.google.com/ie mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q= FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFAlert.dll FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-18 23:52:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-01-18 23:55:32 ComboFix-quarantined-files.txt 2009-01-18 22:55:29 Pre-Run: 14,046,334,976 bytes free Post-Run: 14,035,251,200 bytes free 181 --- E O F --- 2009-01-14 12:12:16

Profil

bobby Poslao: 19 Jan 2009 21:05 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\autorun.i c:\windows\system32\autorun.in c:\documents and settings\Cole\upjdl.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ============================ Javi mi kakvo je sada stanje

Profil

scoles Poslao: 19 Jan 2009 22:39 Idi na vrh
offline scoles Novi MyCity građanin Pridružio: 08 Jan 2009 Poruke: 17 Gde živiš: sumadija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ovo ispod je novi log posle skeniranja/ciscenja znaci problem je: kad ukljucim pr. kameru uzivo sa trga nikole pasica bg komp me restartuje, kad pokusam da udjem u pricaonicu, komp me restartuje, kad trazim bilo sta sto pokrece DOS /pr. Earth/ komp restartuje... ComboFix 09-01-19.01 - Cole 2009-01-19 22:13:26.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.19 [GMT 1:00] Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))) . 2009-01-15 22:52 . 2009-01-15 22:51 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-07 18:27 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys 2009-01-07 02:37 . 2009-01-07 02:39 <DIR> d-------- c:\program files\QuickTime 2009-01-07 02:37 . 2009-01-07 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-07 02:18 . 2009-01-07 02:36 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-06 00:19 . 2009-01-07 15:20 <DIR> d-------- c:\program files\Google 2009-01-02 13:06 . 2009-01-02 13:06 1,558 -rahs---- c:\windows\system32\autorun.i 2009-01-02 13:06 . 2009-01-02 13:06 1,079 -rahs---- c:\windows\system32\autorun.in 2009-01-02 13:06 . 2009-01-02 13:06 0 -rahs---- C:\khs 2009-01-02 11:50 . 2009-01-07 02:10 <DIR> d-------- c:\program files\NoteWorthy Composer 2008-12-24 00:20 . 2008-12-24 00:20 268 --ah----- C:\sqmdata13.sqm 2008-12-24 00:20 . 2008-12-24 00:20 244 --ah----- C:\sqmnoopt13.sqm 2008-12-23 02:05 . 2008-12-23 02:05 <DIR> d-------- c:\program files\Typograf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-19 21:03 --------- d-----w c:\program files\Common Files\Akamai 2009-01-19 12:56 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-01-15 21:51 --------- d-----w c:\program files\Java 2009-01-08 23:13 --------- d-----w c:\program files\CamStudio 2009-01-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY 2009-01-06 14:02 --------- d-----w c:\program files\Mv2Player 2008-12-28 14:41 --------- d-----w c:\documents and settings\Cole\Application Data\SAU KP 2008-12-17 21:08 --------- d-----w c:\program files\Apple Software Update 2008-12-17 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-15 00:18 --------- d-----w c:\documents and settings\Cole\Application Data\Sahmon Games 2008-12-15 00:15 --------- d-----w c:\program files\AskSearch 2008-12-15 00:14 --------- d-----w c:\program files\AskBarDis 2008-12-14 22:32 --------- d-----w c:\program files\Morton Benson 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-08-12 21:53 13,286 ----a-w c:\documents and settings\Cole\upjdl.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-18_23.54.22.53 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-19 21:03:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_55c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-23 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 335872] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "nMTaskBarService"="nMtsk.exe" [2005-05-06 c:\windows\nMtsk.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Cole\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2008-06-17 867062] R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-03 14336] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264] R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-06-14 62824] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8a34e2-832f-11dd-83e9-000c6eefd5af}] \Shell\AutoRun\command - J:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder 2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1958367476-682003330-1003.job - c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-23 21:09] 2009-01-10 c:\windows\Tasks\WebReg 20081006032036.job - c:\program files\Hewlett-Packard\webreg\bin\hpqwrg.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://starter.metacafe.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearch Bar = hxxp://www.google.com/ie mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q= FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFAlert.dll FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-19 22:16:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-01-19 22:19:07 ComboFix-quarantined-files.txt 2009-01-19 21:19:03 ComboFix2.txt 2009-01-18 22:55:34 Pre-Run: 16.590.848.000 bytes free Post-Run: 16,577,900,544 bytes free 176 --- E O F --- 2009-01-14 12:12:16

Profil

bobby Poslao: 19 Jan 2009 22:44 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisi lepo odradio postupak. Pustio si prazan skript. Ponovi ono sto sam ti napisao u prethodnoj temi, ali sada lepo i postupno. Dalje, jesi li pokusao da instaliras novije drajvere za tvoju graficku karticu? Drajveri za graficku su jako cest uzrok ovakvih restartovanja. Jesi li proverio temperature? Imas besplatne programe tipa SpeedFan i HWInfo32 u kojima mozes videti temperature i napone. Ako se ne razumes oko toga, onda prosto skini SpeedFan i postavi screenshot ovde. Pricam ti ovo, posto ovaj malware koji imas ovde, nije mi poznato da on prouzrokuje restartove.

Profil

scoles Poslao: 19 Jan 2009 23:40 Idi na vrh
offline scoles Novi MyCity građanin Pridružio: 08 Jan 2009 Poruke: 17 Gde živiš: sumadija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! DA, potpuno sam omanuo, pogresno sam razumeo, odradio sam sve nanovo, nadam se ok /u komp se slabo razumem/ proverio sam temperaturu preko SpeedFana i ona je trenutno 43, 35 30C ostalo je da preistaliram drajvere za graficku karticu /a kako staviti novije?/ prilog novo skeniranje: ComboFix 09-01-19.03 - Cole 2009-01-19 23:06:52.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.30 [GMT 1:00] Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))) . 2009-01-15 22:52 . 2009-01-15 22:51 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-07 18:27 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys 2009-01-07 02:37 . 2009-01-07 02:39 <DIR> d-------- c:\program files\QuickTime 2009-01-07 02:37 . 2009-01-07 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-07 02:18 . 2009-01-07 02:36 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-06 00:19 . 2009-01-07 15:20 <DIR> d-------- c:\program files\Google 2009-01-02 13:06 . 2009-01-02 13:06 1,558 -rahs---- c:\windows\system32\autorun.i 2009-01-02 13:06 . 2009-01-02 13:06 1,079 -rahs---- c:\windows\system32\autorun.in 2009-01-02 13:06 . 2009-01-02 13:06 0 -rahs---- C:\khs 2009-01-02 11:50 . 2009-01-07 02:10 <DIR> d-------- c:\program files\NoteWorthy Composer 2008-12-24 00:20 . 2008-12-24 00:20 268 --ah----- C:\sqmdata13.sqm 2008-12-24 00:20 . 2008-12-24 00:20 244 --ah----- C:\sqmnoopt13.sqm 2008-12-23 02:05 . 2008-12-23 02:05 <DIR> d-------- c:\program files\Typograf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-19 21:49 --------- d-----w c:\program files\Common Files\Akamai 2009-01-15 21:51 --------- d-----w c:\program files\Java 2009-01-08 23:13 --------- d-----w c:\program files\CamStudio 2009-01-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY 2009-01-06 14:02 --------- d-----w c:\program files\Mv2Player 2008-12-28 14:41 --------- d-----w c:\documents and settings\Cole\Application Data\SAU KP 2008-12-17 21:08 --------- d-----w c:\program files\Apple Software Update 2008-12-17 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-15 00:18 --------- d-----w c:\documents and settings\Cole\Application Data\Sahmon Games 2008-12-15 00:15 --------- d-----w c:\program files\AskSearch 2008-12-15 00:14 --------- d-----w c:\program files\AskBarDis 2008-12-14 22:32 --------- d-----w c:\program files\Morton Benson 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-12 21:53 13,286 ----a-w c:\documents and settings\Cole\upjdl.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-18_23.54.22.53 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-10 15:31:58 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys + 2009-01-19 12:56:29 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys + 2009-01-19 21:48:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_558.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-23 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 335872] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "nMTaskBarService"="nMtsk.exe" [2005-05-06 c:\windows\nMtsk.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Cole\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2008-06-17 867062] R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-03 14336] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264] R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-06-14 62824] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8a34e2-832f-11dd-83e9-000c6eefd5af}] \Shell\AutoRun\command - J:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder 2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1958367476-682003330-1003.job - c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-23 21:09] 2009-01-10 c:\windows\Tasks\WebReg 20081006032036.job - c:\program files\Hewlett-Packard\webreg\bin\hpqwrg.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://starter.metacafe.com uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearch Bar = hxxp://www.google.com/ie mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q= FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll FF - component: c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\xrduqzdq.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFAlert.dll FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-19 23:09:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-01-19 23:13:02 ComboFix-quarantined-files.txt 2009-01-19 22:12:58 ComboFix2.txt 2009-01-19 21:19:08 ComboFix3.txt 2009-01-18 22:55:34 Pre-Run: 16.537.980.928 bytes free Post-Run: 16,526,491,648 bytes free 177 --- E O F --- 2009-01-14 12:12:16

Profil

bobby Poslao: 20 Jan 2009 19:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! * Pokreni ESET Smart Security/ESET NOD32 na sledeci nacin : Start>All Programs>ESET>ESET Smart Security ili pak ESET NOD32 Antivirus(ukoliko koristis samo Antivirus resenje). * Kada ti se otvori glavni prozor programa, klikni na Setup opciju sa leve strane prozora; * Izaberi Antivirus and antispyware opciju i klikni na Temporarily disable Antivirus and antispyware protection. * Na sledece pitanje klikni Yes. Napomena: Ne zaboravi da ukljuciš ovu opciju po završetku cišcenja. ================================= Skini skript odavde na Desktop (desno dugme na link, pa odaberi opciju za snimanje fajla): http://amf.mycity.rs/temp/CFScript.txt Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

scoles Poslao: 20 Jan 2009 22:07 Idi na vrh
offline scoles Novi MyCity građanin Pridružio: 08 Jan 2009 Poruke: 17 Gde živiš: sumadija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! na kraju posle klika na Yes /u ESET NOD32/ prijavljuje neki problem i daje mi "Windows Security Center"

Profil

bobby Poslao: 20 Jan 2009 22:09 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To je normalno. Odradi ostatk uputstva, pa ces na kraju (kada ComboFix zavrsi skeniranje) ponovo ukljuciti NOD, i onda ce to crveno u Windows Security Centru nestati. To te samo Windows obavestava da ti je antivirus iskljucen.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » kompjuter se sam restartuje

Ko je trenutno na forumu

Ukupno su 776 korisnika na forumu :: 7 registrovanih, 1 sakriven i 768 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: avijacija, bigfoot, darkojbn, dekir, draganl, lcc, vladaa012

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by