virus shuts down Windows Explorer

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

A virus got into my PC yesterday while I was downloading a screensaver (NOD reported something down there, but I had no option to delete that virus right away), and since then Windows Explorer shuts down after a while, sometimes every 10 seconds, sometimes after a bit longer.

What should I do?

Addendum: 29 Jun 2008 2:26

And whenever I open a program, Windows Explorer restarts or shuts down completely.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Follow the instructions for posting a HijackThis log:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

Logfile of HijackThis v1.99.1
Scan saved at 10:15:50, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svuhost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Sasa\Desktop\abv\TR3.exe.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE} - C:\WINDOWS\system32\mlJDsQHx.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76ED0E32-FF6C-4D20-A777-F83353F87C26} - C:\WINDOWS\system32\efcDVnNH.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FE27E908-4C06-4BAE-88A0-655D0CE752CB} - C:\WINDOWS\system32\rqRIbxvU.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRIbxvU - C:\WINDOWS\SYSTEM32\rqRIbxvU.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

That's it.

I use SP2, and I have a 512/256 cable internet connection.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file C:\WINDOWS\system32\svuhost.exe (pay attention: it is svuhost, not svchost)

via this link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.
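The check dr_Bora makes here (svuhost.exe is one letter away from the real svchost.exe, and the log also carries 8-letter mixed-case DLL names such as rqRIbxvU.dll loaded from system32) can be automated as a first triage pass over a HijackThis log. The script below is an added example written for this thread, not a MyCity or HijackThis tool; the list of imitated system binaries, the edit-distance and case-switch heuristics, and the sample lines (constructed from the log posted above) are all assumptions of this example.

```python
"""Triage of HijackThis-style log lines: flag look-alike system binary names and
random-looking component names (added example for this thread, not a MyCity or
HijackThis tool; every heuristic below is an assumption of this example)."""
import re
from dataclasses import dataclass

# Windows binaries whose names malware likes to imitate (the log above has svuhost.exe
# posing as svchost.exe). Assumed list; extend it for your own environment.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe",
}

# Constructed sample, modelled on lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {FE27E908-4C06-4BAE-88A0-655D0CE752CB} - C:\WINDOWS\system32\rqRIbxvU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: rqRIbxvU - C:\WINDOWS\SYSTEM32\rqRIbxvU.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
FILE_RE = re.compile(r"([\w.-]+\.(?:exe|dll|sys|ocx|drv|acm))", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O4, O2, O20
    filename: str  # the executable or DLL the entry loads
    reasons: list  # why it was flagged


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) for look-alike detection."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename: str):
    """Return the system binary this name is exactly one edit away from, else None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if levenshtein(name, real) == 1:
            return real
    return None


def looks_random(filename: str) -> bool:
    """Heuristic: an 8-letter stem with three or more upper/lower case switches
    (names like rqRIbxvU.dll). A ranking aid only; it can and does false-positive."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    switches = sum(1 for x, y in zip(stem, stem[1:]) if x.isupper() != y.isupper())
    return switches >= 3


def triage(log_text: str) -> list:
    """Parse HijackThis lines and return a Finding for each entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        # O4 lines carry the command after the [label]; other sections end with the path.
        if section == "O4" and "] " in body:
            target = body.split("] ", 1)[1]
        else:
            target = body.rsplit(" - ", 1)[-1]
        fm = FILE_RE.search(target)
        if not fm:
            continue
        filename = fm.group(1)
        reasons = []
        real = lookalike_of(filename)
        if real:
            reasons.append(f"name is one edit away from {real}")
        if looks_random(filename):
            reasons.append("random-looking 8-letter mixed-case name")
        if section == "O2" and "(no name)" in body and "system32" in target.lower():
            reasons.append("unnamed BHO loaded from system32")
        if reasons:
            findings.append(Finding(section, filename, reasons))
    return findings


def suspicious_files(log_text: str) -> list:
    """Distinct flagged file names, in order of first appearance."""
    seen = []
    for f in triage(log_text):
        if f.filename not in seen:
            seen.append(f.filename)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.filename:<18} {'; '.join(f.reasons)}")
```

Run over the constructed sample this flags svuhost.exe twice (Run and RunServices) and rqRIbxvU.dll twice (the unnamed BHO and the Winlogon Notify entry), and leaves egui.exe, NvCpl.dll, ctfmon.exe, ssv.dll and WPDShServiceObj.dll alone. Run over the full log posted above, the case-switch heuristic also trips on PnkBstrA.exe (PunkBuster), so treat the output as a ranking of what to verify, not a verdict: confirm each hit against the file's publisher and a scan of the file itself, which is exactly why the thread asks for svuhost.exe to be uploaded.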

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

I uploaded the file.

Here is the log:

ComboFix 08-06-20.4 - Sasa 2008-06-29 15:43:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.214 [GMT 2:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efcDVnNH.dll
C:\WINDOWS\system32\HNnVDcfe.ini
C:\WINDOWS\system32\HNnVDcfe.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-27 23:42 . 2008-06-27 23:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-27 22:57 . 2008-06-27 22:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 21:58 . 2008-06-27 21:58 319,488 --a------ C:\WINDOWS\system32\mlJDsQHx.dll_old
2008-06-27 21:53 . 2008-06-27 21:53 25,600 --a------ C:\WINDOWS\system32\rqRIbxvU.dll
2008-06-27 11:12 . 2008-06-28 02:04 <DIR> d-------- C:\Program Files\Garena
2008-06-26 16:12 . 2008-06-26 16:12 37,004 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-25 15:48 . 2008-06-25 15:48 69 --a------ C:\WINDOWS\cdplayer.ini
2008-06-20 16:48 . 2008-06-25 11:13 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-17 12:09 . 2008-06-17 12:09 1,961 --a------ C:\WINDOWS\ST5UNST.003
2008-06-17 12:08 . 2008-06-17 12:08 1,961 --a------ C:\WINDOWS\ST5UNST.002
2008-06-17 12:07 . 2008-06-17 12:07 1,961 --a------ C:\WINDOWS\ST5UNST.001
2008-06-17 07:46 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-06-17 07:46 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-06-17 07:46 . 1998-04-24 00:00 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-06-17 07:46 . 1998-04-24 00:00 123,664 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-06-17 07:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-06-17 07:46 . 1997-01-16 00:00 75,536 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-17 07:46 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-06-17 07:45 . 1998-04-24 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-06-17 07:45 . 2008-06-17 07:47 4,805 --a------ C:\WINDOWS\ST5UNST.000
2008-06-15 21:28 . 2008-06-15 21:28 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-15 21:04 . 2008-06-15 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodata Limited
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Ahead
2008-06-14 12:44 . 2004-08-04 14:00 1,376 --a------ C:\WINDOWS\system32\comctl29q.ocx
2008-06-13 12:57 . 2008-06-13 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-08 13:37 . 2008-06-27 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-08 13:37 . 2008-06-08 13:37 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\PC Tools
2008-06-08 13:37 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 13:37 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 13:37 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 13:37 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-07 22:29 . 2008-06-27 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 22:17 . 2008-06-06 22:17 <DIR> d-------- C:\Program Files\Philips Semiconductors
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\MEGAUPLOADTOOLBAR
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Locktime
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\DivX
2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Nero
2008-06-05 22:21 . 2008-06-27 22:42 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Babylon
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-06-04 19:36 . 2008-06-04 19:36 <DIR> d-------- C:\Program Files\AskSBar
2008-06-04 19:36 . 2008-06-04 19:36 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-04 19:35 . 2008-06-04 21:25 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Comodo
2008-06-04 09:02 . 2008-06-04 09:02 <DIR> d-------- C:\Program Files\Display Tuner
2008-06-04 09:02 . 2008-04-09 10:48 10,240 --a------ C:\WINDOWS\system32\drivers\ddcdrv.sys
2008-06-01 12:59 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-05-30 13:15 . 2008-05-30 13:15 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Locktime
2008-05-30 13:13 . 2008-06-05 10:15 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-05-30 11:54 . 2008-06-26 02:29 <DIR> d-------- C:\Program Files\Soulseek
2008-05-30 11:52 . 2008-05-30 11:53 <DIR> d-------- C:\Program Files\Ares

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 13:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\uTorrent
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-06-29 09:25 --------- d-----w C:\Program Files\mIRC
2008-06-27 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 19:53 7 ----a-w C:\WINDOWS\Fonts\1.txt
2008-06-27 19:53 33,280 ------w C:\WINDOWS\Fonts\is157454.exe
2008-06-27 16:14 --------- d-----w C:\Program Files\Valve
2008-06-27 13:09 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-06-27 12:28 --------- d-----w C:\Documents and Settings\Sasa\Application Data\skypePM
2008-06-27 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 09:52 --------- d-----w C:\Program Files\sXe Injected
2008-06-26 00:34 --------- d-----w C:\Documents and Settings\Sasa\Application Data\LimeWire
2008-06-23 11:23 --------- d-----w C:\Program Files\Warcraft III
2008-06-23 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-19 11:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-19 11:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-13 20:09 --------- d-----w C:\Program Files\Opera
2008-06-13 10:57 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-06-13 10:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-13 10:38 --------- d-----w C:\Program Files\Zoom Player
2008-06-11 18:43 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Babylon
2008-06-10 20:18 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MyPhoneExplorer
2008-06-09 20:02 --------- d-----w C:\Program Files\ACD Systems
2008-06-09 19:29 --------- d-----w C:\Documents and Settings\Sasa\Application Data\gtk-2.0
2008-06-08 11:32 --------- d-----w C:\Program Files\DVBPortal
2008-06-06 08:33 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Winamp
2008-06-04 17:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:44 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-06-01 17:17 --------- d-----w C:\Program Files\AIMP2
2008-05-29 20:33 --------- d-----w C:\Program Files\Fraps
2008-05-28 21:35 --------- d-----w C:\Program Files\Google
2008-05-27 20:06 --------- d-----w C:\Program Files\ElcomSoft
2008-05-25 06:50 --------- d-----w C:\Program Files\Dream Aquarium
2008-05-22 15:57 20 ----a-w C:\sccfg.sys
2008-05-22 10:22 --------- d-----w C:\Program Files\Achilles-Script 3.7
2008-05-21 11:46 --------- d-----w C:\Program Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Elecard
2008-05-19 13:30 --------- d-----w C:\Program Files\The KMPlayer
2008-05-19 08:11 --------- d-----w C:\Program Files\Babylon
2008-05-17 14:38 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Nero
2008-05-17 14:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-17 14:35 --------- d-----w C:\Program Files\Nero
2008-05-17 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-17 07:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-05-16 18:50 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-05-16 18:50 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 18:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 18:50 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-05-16 18:50 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-05-16 11:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-05-16 11:41 --------- d-----w C:\Program Files\MSECACHE
2008-05-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-05-07 09:07 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-07 09:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-06 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 17:13 --------- d-----w C:\Program Files\Activision
2008-05-06 17:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 09:21 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-05-06 09:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-06 09:19 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-05-05 18:56 --------- d-----w C:\Program Files\SHOUTcast Source
2008-05-05 18:24 --------- d-----w C:\Program Files\Unlocker
2008-05-05 08:37 --------- d-----w C:\Documents and Settings\Nino\Application Data\HP
2008-04-28 06:52 2,121,235 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-18 17:15 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-02-25 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 12:29 88 --sha-r C:\WINDOWS\system32\E6FF164BA3.sys
2004-08-04 12:00 946,176 --sha-r C:\WINDOWS\system32\svuhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D0880C3-CDC3-4505-B9E4-30A25D3B1792}]
2008-06-29 15:54 319488 --a------ C:\WINDOWS\system32\vtUMEWmJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE}]
C:\WINDOWS\system32\mlJDsQHx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE27E908-4C06-4BAE-88A0-655D0CE752CB}]
2008-06-27 21:53 25600 --a------ C:\WINDOWS\system32\rqRIbxvU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
"Quick TV Agent"="C:\Program Files\Terminator\Quick TV\Scheduled.exe" [2004-10-11 11:46 740352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 21:27 185896]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-19 10:12 3551456]
"Microsoft Windows Sound"="svuhost.exe" [2004-08-04 14:00 946176 C:\WINDOWS\system32\svuhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"="svuhost.exe" [2004-08-04 14:00 946176 C:\WINDOWS\system32\svuhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-01-05 18:02:51 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE27E908-4C06-4BAE-88A0-655D0CE752CB}"= C:\WINDOWS\system32\rqRIbxvU.dll [2008-06-27 21:53 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIbxvU]
rqRIbxvU.dll 2008-06-27 21:53 25600 C:\WINDOWS\system32\rqRIbxvU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtUMEWmJ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-05-22 12:47 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ares"="C:\Program Files\Ares\Ares.exe" -h
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\ApexDC++\\ApexDC.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R1 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2007-06-21 12:42]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\WINDOWS\system32\drivers\DDCDrv.sys [2008-04-09 10:48]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys [2002-05-14 13:05]
R3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys [2002-11-01 19:43]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-07 11:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:18:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-29 15:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRIbxvU.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-29 15:57:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 13:57:36

Pre-Run: 25,849,765,888 bytes free
Post-Run: 25,834,692,608 bytes free

311






when ComboFix restarted, once I logged in it told me that svuhost had not been started or something like that, because some packet dll file was missing

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D0880C3-CDC3-4505-B9E4-30A25D3B1792}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE27E908-4C06-4BAE-88A0-655D0CE752CB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIbxvU]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
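As an added illustration of what the CFScript above targets (this is example code written for this page, not code from the thread or from ComboFix), here is a small Python script that reads the relevant sections of a ComboFix log and flags three of the indicators dr_Bora acted on: a randomly named DLL loaded into winlogon.exe, a Run entry whose binary name is one character away from a core Windows binary (svuhost.exe next to svchost.exe), and any globally open firewall port. The log excerpt embedded in the script is constructed from lines in this thread; the data of the "Microsoft Windows Sound" value is an assumption, since the thread shows the value name and svuhost.exe only separately. The rule names, the CORE_BINARIES list and the eight-mixed-case-letters heuristic are choices made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input modelled on the ComboFix log posted in this thread.
# Pairing the "Microsoft Windows Sound" Run value with svuhost.exe is an assumption
# made for this example; the thread does not show that value's data.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRIbxvU.dll
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"Microsoft Windows Sound"="C:\WINDOWS\system32\svuhost.exe" [2008-06-28 10:00 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


# Core Windows binaries whose names malware often imitates (short list chosen for this example).
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                 "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; distance 1 from a core binary name is the classic look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random_name(stem: str) -> bool:
    """Eight letters, mixed case, no digits: the shape of the DLL names removed in this thread."""
    return len(stem) == 8 and stem.isalpha() and stem.lower() != stem and stem.upper() != stem


_KEY = re.compile(r'^\[(.+)\]$')            # [HKEY_...\Run]
_VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "name"=data
_PROC = re.compile(r'^PROCESS:\s+(.+)$')     # PROCESS: C:\...\winlogon.exe
_DLL = re.compile(r'^->\s+(.+)$')            # -> C:\...\module.dll


def _first_path(value: str) -> str:
    """The executable a Run value points at: the first quoted string, else the first token."""
    m = re.match(r'"([^"]*)"', value)
    if m:
        return m.group(1)
    parts = value.split()
    return parts[0] if parts else ""


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def analyse(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = None   # registry key of the REGEDIT4 section currently being read
    proc = None  # process whose loaded DLLs are currently being listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _PROC.match(line):
            proc, key = m.group(1).lower(), None
            continue
        if m := _DLL.match(line):
            path = m.group(1)
            stem = _basename(path).rsplit(".", 1)[0]
            if proc and proc.endswith("\\winlogon.exe") and looks_random_name(stem):
                findings.append(Finding("winlogon-random-dll", path))
            continue
        if m := _KEY.match(line):
            key, proc = m.group(1).lower(), None
            continue
        m = _VALUE.match(line)
        if not m or key is None:
            continue
        name, value = m.group(1), m.group(2)
        if key.endswith("\\globallyopenports\\list"):
            # Every globally open port is worth a look; record it for review.
            findings.append(Finding("open-port", f"{name} -> {value}"))
        elif key.endswith("\\run") or key.endswith("\\runservices"):
            target = _first_path(value)
            base = _basename(target).lower()
            if base not in CORE_BINARIES and any(edit_distance(base, c) == 1 for c in CORE_BINARIES):
                findings.append(Finding("lookalike-binary", f'"{name}" -> {target}'))
    return findings


def summarize(log_text: str) -> list[tuple[str, str]]:
    """Sorted (rule, detail) pairs, convenient for printing or asserting on."""
    return sorted((f.rule, f.detail) for f in analyse(log_text))


if __name__ == "__main__":
    for rule, detail in summarize(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```

Read the output as a triage list to check against the full log, not as a verdict: the heuristics trade precision for brevity, so a legitimate vendor DLL with an eight-letter mixed-case name would be listed too, and the disabled `run-` keys are deliberately skipped.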

offline
  • sense 
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

done.

here is the log



ComboFix 08-06-20.4 - Sasa 2008-06-29 17:21:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.165 [GMT 2:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sasa\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\JmWEMUtv.ini
C:\WINDOWS\system32\JmWEMUtv.ini2
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-27 23:42 . 2008-06-27 23:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-27 22:57 . 2008-06-27 22:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 11:12 . 2008-06-28 02:04 <DIR> d-------- C:\Program Files\Garena
2008-06-25 15:48 . 2008-06-25 15:48 69 --a------ C:\WINDOWS\cdplayer.ini
2008-06-20 16:48 . 2008-06-25 11:13 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-17 12:09 . 2008-06-17 12:09 1,961 --a------ C:\WINDOWS\ST5UNST.003
2008-06-17 12:08 . 2008-06-17 12:08 1,961 --a------ C:\WINDOWS\ST5UNST.002
2008-06-17 12:07 . 2008-06-17 12:07 1,961 --a------ C:\WINDOWS\ST5UNST.001
2008-06-17 07:46 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-06-17 07:46 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-06-17 07:46 . 1998-04-24 00:00 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-06-17 07:46 . 1998-04-24 00:00 123,664 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-06-17 07:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-06-17 07:46 . 1997-01-16 00:00 75,536 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-17 07:46 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-06-17 07:45 . 1998-04-24 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-06-17 07:45 . 2008-06-17 07:47 4,805 --a------ C:\WINDOWS\ST5UNST.000
2008-06-15 21:28 . 2008-06-15 21:28 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-15 21:04 . 2008-06-15 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodata Limited
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Ahead
2008-06-14 12:44 . 2004-08-04 14:00 1,376 --a------ C:\WINDOWS\system32\comctl29q.ocx
2008-06-13 12:57 . 2008-06-13 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-08 13:37 . 2008-06-27 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-08 13:37 . 2008-06-08 13:37 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\PC Tools
2008-06-08 13:37 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 13:37 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 13:37 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 13:37 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-07 22:29 . 2008-06-27 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 22:17 . 2008-06-06 22:17 <DIR> d-------- C:\Program Files\Philips Semiconductors
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\MEGAUPLOADTOOLBAR
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Locktime
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\DivX
2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Nero
2008-06-05 22:21 . 2008-06-27 22:42 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Babylon
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-06-04 19:36 . 2008-06-04 19:36 <DIR> d-------- C:\Program Files\AskSBar
2008-06-04 19:36 . 2008-06-04 19:36 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-04 19:35 . 2008-06-04 21:25 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Comodo
2008-06-04 09:02 . 2008-06-04 09:02 <DIR> d-------- C:\Program Files\Display Tuner
2008-06-04 09:02 . 2008-04-09 10:48 10,240 --a------ C:\WINDOWS\system32\drivers\ddcdrv.sys
2008-06-01 12:59 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-05-30 13:15 . 2008-05-30 13:15 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Locktime
2008-05-30 13:13 . 2008-06-05 10:15 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-05-30 11:54 . 2008-06-26 02:29 <DIR> d-------- C:\Program Files\Soulseek
2008-05-30 11:52 . 2008-05-30 11:53 <DIR> d-------- C:\Program Files\Ares

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 15:26 --------- d-----w C:\Documents and Settings\Sasa\Application Data\uTorrent
2008-06-29 13:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-06-29 09:25 --------- d-----w C:\Program Files\mIRC
2008-06-27 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 16:14 --------- d-----w C:\Program Files\Valve
2008-06-27 13:09 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-06-27 12:28 --------- d-----w C:\Documents and Settings\Sasa\Application Data\skypePM
2008-06-27 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 09:52 --------- d-----w C:\Program Files\sXe Injected
2008-06-26 00:34 --------- d-----w C:\Documents and Settings\Sasa\Application Data\LimeWire
2008-06-23 11:23 --------- d-----w C:\Program Files\Warcraft III
2008-06-23 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-19 11:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-19 11:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-13 20:09 --------- d-----w C:\Program Files\Opera
2008-06-13 10:57 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-06-13 10:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-13 10:38 --------- d-----w C:\Program Files\Zoom Player
2008-06-11 18:43 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Babylon
2008-06-10 20:18 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MyPhoneExplorer
2008-06-09 20:02 --------- d-----w C:\Program Files\ACD Systems
2008-06-09 19:29 --------- d-----w C:\Documents and Settings\Sasa\Application Data\gtk-2.0
2008-06-08 11:32 --------- d-----w C:\Program Files\DVBPortal
2008-06-06 08:33 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Winamp
2008-06-04 17:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:44 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-06-01 17:17 --------- d-----w C:\Program Files\AIMP2
2008-05-29 20:33 --------- d-----w C:\Program Files\Fraps
2008-05-28 21:35 --------- d-----w C:\Program Files\Google
2008-05-27 20:06 --------- d-----w C:\Program Files\ElcomSoft
2008-05-25 06:50 --------- d-----w C:\Program Files\Dream Aquarium
2008-05-22 15:57 20 ----a-w C:\sccfg.sys
2008-05-22 10:22 --------- d-----w C:\Program Files\Achilles-Script 3.7
2008-05-21 11:46 --------- d-----w C:\Program Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Elecard
2008-05-19 13:30 --------- d-----w C:\Program Files\The KMPlayer
2008-05-19 08:11 --------- d-----w C:\Program Files\Babylon
2008-05-17 14:38 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Nero
2008-05-17 14:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-17 14:35 --------- d-----w C:\Program Files\Nero
2008-05-17 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-17 07:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-05-16 18:50 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-05-16 18:50 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 18:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 18:50 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-05-16 18:50 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-05-16 11:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-05-16 11:41 --------- d-----w C:\Program Files\MSECACHE
2008-05-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-05-07 09:07 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-07 09:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-06 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 17:13 --------- d-----w C:\Program Files\Activision
2008-05-06 17:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 09:21 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-05-06 09:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-06 09:19 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-05-05 18:56 --------- d-----w C:\Program Files\SHOUTcast Source
2008-05-05 18:24 --------- d-----w C:\Program Files\Unlocker
2008-05-05 08:37 --------- d-----w C:\Documents and Settings\Nino\Application Data\HP
2008-04-28 06:52 2,121,235 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-18 17:15 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-02-25 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 12:29 88 --sha-r C:\WINDOWS\system32\E6FF164BA3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_15.57.08.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 13:49:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 15:28:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-29 13:50:06 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-06-29 15:29:23 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-06-29 13:50:36 32,768 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-06-29 15:29:23 16,384 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-06-29 15:29:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_768.dat
- 2008-06-29 13:50:12 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-29 15:29:31 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
"Quick TV Agent"="C:\Program Files\Terminator\Quick TV\Scheduled.exe" [2004-10-11 11:46 740352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 21:27 185896]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-19 10:12 3551456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-01-05 18:02:51 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-05-22 12:47 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ares"="C:\Program Files\Ares\Ares.exe" -h
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\ApexDC++\\ApexDC.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R1 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2007-06-21 12:42]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\WINDOWS\system32\drivers\DDCDrv.sys [2008-04-09 10:48]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys [2002-05-14 13:05]
R3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys [2002-11-01 19:43]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-07 11:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:18:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-29 17:29:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-29 17:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 15:39:01
ComboFix2.txt 2008-06-29 13:57:51

Pre-Run: 25,796,198,400 bytes free
Post-Run: 25,783,619,584 bytes free

314

Update: 29 Jun 2008 18:18

the problem is not happening to me anymore :)

thank you so much, you're a king! :)

do I need to do anything else?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • sense 
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

did everything you told me :)

once again, a big thank you for all the help.

Regards
