MyCity » Ambulanta -> Arhiva Ambulante » Ne mogu da pronadjem virus

Ne mogu da pronadjem virus

Napisano na dan: 12.8.2008

Strana:
1
2
3

Ne mogu da pronadjem virus

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

moosawa Poslao: 12 Avg 2008 17:59 Idi na vrh
offline moosawa Novi MyCity građanin Pridružio: 26 Maj 2008 Poruke: 19 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:32, on 12.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\vVX6000.exe C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\programme\slide\slide.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\User\Desktop\Neuer Ordner\Komplikovano.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von chello broadband n.v. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = vie.surfer.at:8080 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Gold.Manager - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - C:\WINDOWS\system32\goldmng.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Programme\Zango\bin\10.3.70.0\HostIE.dll (file missing) O3 - Toolbar: enlfxgw - {A61C6CD7-49E2-4A57-B1BB-6F23DA1DBDF0} - C:\WINDOWS\enlfxgw.dll (file missing) O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Programme\Zango\bin\10.3.70.0\HostIE.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ChelloDesktop] C:\Programme\chello\ChelloDesktop.exe O4 - HKLM\..\Run: [ChelloBackground] C:\Programme\chello\ChelloMessenger.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [ZangoSA] "C:\Programme\Zango\bin\10.3.70.0\ZangoSA.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart O4 - HKCU\..\Run: [slide.exe] c:\programme\slide\slide.exe O4 - HKCU\..\Run: [Voipwise] "C:\Programme\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized O4 - HKCU\..\Run: [DLD.EXE] C:\Programme\Download Direct\DLD.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [Meteo Fusion] "C:\Programme\Eggiz\Meteo Fusion\Meteo Fusion.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [SkinClock] C:\Programme\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [PerfectClock2007] "C:\Programme\PerfectClock\perfectClock2007.exe" O4 - HKCU\..\Run: [WeatherDPA] "C:\Programme\Zango\bin\10.3.70.0\Weather.exe" -auto O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programme\IDA\ida.exe -autorun O4 - HKCU\..\Run: [SpyEmergency] G:\Spy Emergency 2008\SpyEmergency.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: &Search - [Link mogu videti samo ulogovani korisnici] O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: RapidShare-Download - [Link mogu videti samo ulogovani korisnici]\DOKUME~1\User\LOKALE~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Quick Login [Link mogu videti samo ulogovani korisnici] - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing) O9 - Extra 'Tools' menuitem: &Quick Login [Link mogu videti samo ulogovani korisnici] - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [Link mogu videti samo ulogovani korisnici] O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 11916 bytes Pozdrav svima. Potrebna mi je mala pomoc,inace sam potuno nestrucna oko ovoga.Naime stalno mi izbacuje prozorcic kako mi je C:/WINDOWS zarazen,i baca me na net kako bih skinula neki program,koji je naravno isto tako zarazen(to mi prijavljuje Kaspersky).Inace pokusala sam sa njim da pretrazim C:/Windows vec nekoliko puta ali ne prijavljuje nista. Juce sam pronasla nekih 40 virusa,crvica i svacega u kompjuteru,ali Kaspersky ne prijavljuje vise nista,a stano mi izbacuje kako mi je comp zarazen. Trazila sam svasta po netu,ali sve me zbunjuje,tako da zaista ne znam sta da radim. Moze li mi neko pomoci? Hvala unapred

Profil

bobby Poslao: 12 Avg 2008 21:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

moosawa Poslao: 12 Avg 2008 22:44 Idi na vrh
offline moosawa Novi MyCity građanin Pridružio: 26 Maj 2008 Poruke: 19 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skinula sam program sa prvog linka, i Kaspersy mi je prijavio virus!!! O cemu se radi?

Profil

bobby Poslao: 13 Avg 2008 06:07 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kaspersky ti nije prijavio virus, vec ti je prijavio riskware tool, a razlika je ogromna. Iskljuci Kaspersky, skini ComboFix i skeniraj kao sto sam ti napisao.

Profil

moosawa Poslao: 13 Avg 2008 12:30 Idi na vrh
offline moosawa Novi MyCity građanin Pridružio: 26 Maj 2008 Poruke: 19 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvini.Pogresno sam razumela. Evo skenirala sam. Hvala ComboFix 08-08-12.01 - User 2008-08-13 10:50:55.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.122 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\User\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSA.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSA_kyf_update.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAAbout.mht C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAau.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAEula.mht C:\Dokumente und Einstellungen\godest\Favoriten\Error Cleaner.url C:\Dokumente und Einstellungen\godest\Favoriten\Privacy Protector.url C:\Dokumente und Einstellungen\godest\Favoriten\Spyware&Malware Protection.url C:\Dokumente und Einstellungen\User\Anwendungsdaten\FunWebProducts C:\Dokumente und Einstellungen\User\Anwendungsdaten\inst.exe C:\Dokumente und Einstellungen\User\Anwendungsdaten\WeatherDPA C:\Dokumente und Einstellungen\User\Anwendungsdaten\WeatherDPA\Weather\WeatherStartup.xml C:\Dokumente und Einstellungen\User\Anwendungsdaten\Zango C:\Programme\MyWebSearch C:\Programme\MyWebSearch\bar\History\search2 C:\Programme\MyWebSearch\bar\Settings\s_pid.dat C:\Programme\MyWebSearch\bar\Settings\setting2.htm C:\Programme\MyWebSearch\bar\Settings\setting2.htm.bak C:\Programme\MyWebSearch\bar\Settings\settings.dat C:\Programme\MyWebSearch\bar\Settings\settings.dat.bak C:\WINDOWS\rs.txt C:\WINDOWS\system32\bassmod.dll C:\WINDOWS\system32\goldmng.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((( Dateien erstellt von 2008-07-13 bis 2008-08-13 )))))))))))))))))))))))))))))) . 2008-08-12 21:42 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 21:41 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-10 17:23 . 2008-08-10 17:23 45,056 --a------ C:\WINDOWS\system32\goldManager.dll 2008-08-10 17:22 . 2008-08-10 17:22 45,056 --a------ C:\WINDOWS\system32\goldman.dll 2008-08-10 16:20 . 2008-08-10 16:49 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Internet Download Accelerator 2008-08-09 23:15 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-08-09 23:15 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-08-09 22:38 . <DIR> C:\Dokumente und Einstellungen\User\Anwendungsdaten\NeroDigitalT 2008-08-09 21:58 . 2008-08-09 21:58 <DIR> d-------- C:\Programme\NeroInstall.bak 2008-08-06 00:41 . 2008-08-12 15:19 <DIR> d-------- C:\Programme\Webteh 2008-08-06 00:41 . 2008-08-12 15:18 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BSplayer PRO 2008-07-14 16:34 . 2008-08-11 14:52 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM 2008-07-14 16:34 . 2008-07-14 16:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-13 09:03 44,359,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-13 08:59 601,388 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-13 08:59 168,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-13 08:59 1,738,272 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-13 08:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2008-08-12 13:21 --------- d-----w C:\Programme\Google 2008-08-11 16:01 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2008-08-10 21:12 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\DMCache 2008-08-09 21:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero 2008-08-09 21:17 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-08-09 20:38 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\NeroDigital™ 2008-08-09 16:24 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Vso 2008-08-06 18:01 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-08-03 16:24 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-07-16 21:36 --------- d-----w C:\Programme\DivX 2008-07-12 21:35 --------- d-----w C:\Programme\RapidLeecher 2008-07-12 21:30 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 22:12 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-22 11:35 --------- d-----w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\Ahead 2008-06-21 19:35 --------- d-----w C:\Programme\Sony 2008-06-21 19:20 --------- d-----w C:\Programme\Common Files 2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-15 21:09 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player 2008-06-15 13:48 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia 2008-06-15 13:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite 2008-06-15 13:11 --------- d-----w C:\Programme\Nokia 2008-06-15 13:11 --------- d-----w C:\Programme\Gemeinsame Dateien\PCSuite 2008-06-15 13:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia 2008-06-15 13:10 --------- d-----w C:\Programme\PC Connectivity Solution 2008-06-15 13:10 --------- d-----w C:\Programme\DIFX 2008-06-15 13:10 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite 2008-06-15 13:08 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations 2008-06-15 07:51 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\PerfectClock2007 2008-06-14 18:00 --------- d-----w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\Media Player Classic 2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-04-30 20:32 3,406,496 ----a-w C:\Programme\DivXCodec.exe 2008-03-13 20:49 47,360 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\pcouffin.sys 2008-02-16 12:46 458 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\wklnhst.dat 2007-12-02 13:25 186 ----a-w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\wklnhst.dat 2007-11-13 21:26 5,704 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\mdb.bin 2007-04-16 14:05 774,144 ----a-w C:\Programme\RngInterstitial.dll 2005-07-20 14:55 3,968,976 ----a-w C:\Dokumente und Einstellungen\User\MSASYNC_DE.EXE . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 Hinweis leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360] "H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-09 11:32 401491] "slide.exe"="c:\programme\slide\slide.exe" [2007-06-08 12:47 37760] "AdobeUpdater"="C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016] "VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-10-08 12:41 286720] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720] "nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:23 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:22 15360] "PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "VIDC.PIM1"= PCLEPIM1.dll "vidc.xvid"= xvid.dll "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"= "C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows-Peer-zu-Peer-Gruppierung "3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) R2 MSCamSvc;MSCamSvc;C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01] R2 NwSapAgent;SAP-Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:23] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58] R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52] R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 17:04] S3 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe [] S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41] S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23] S3 p2pimsvc;Peernetzwerkidentitäts-Manager;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23] S3 p2psvc;Peernetzwerk;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23] S3 PNRPSvc;Peer Name Resolution-Protokoll;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23] S3 REMOVE;REMOVE;C:\WINDOWS\system32\drivers\REMOVE.SYS [] S3 Wdm1;Vivanco USB Link Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2002-11-18 08:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Inhalt des "geplante Tasks" Ordners 2008-06-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Programme\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . - - - - Entfernte verwaiste Registrierungseintr„ge - - - - HKCU-Run-MsnMsgr - C:\Programme\Windows Live\Messenger\msnmsgr.exe HKCU-Run-eMuleAutoStart - C:\Programme\eMule\emule.exe HKCU-Run-Voipwise - C:\Programme\Voipwise.com\Voipwise\Voipwise.exe HKCU-Run-DLD.EXE - C:\Programme\Download Direct\DLD.exe HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe HKCU-Run-Meteo Fusion - C:\Programme\Eggiz\Meteo Fusion\Meteo Fusion.exe HKCU-Run-AlcoholAutomount - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\axcmd.exe HKCU-Run-SkinClock - C:\Programme\Clock Tray Skins\ClockTraySkins.exe HKCU-Run-PerfectClock2007 - C:\Programme\PerfectClock\perfectClock2007.exe HKCU-Run-Internet Download Accelerator - C:\Programme\IDA\ida.exe HKCU-Run-SpyEmergency - G:\Spy Emergency 2008\SpyEmergency.exe HKLM-Run-ISUSPM Startup - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe HKLM-Run-ISUSScheduler - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe HKLM-Run-ChelloDesktop - C:\Programme\chello\ChelloDesktop.exe HKLM-Run-ChelloBackground - C:\Programme\chello\ChelloMessenger.exe HKLM-Run-NBKeyScan - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . ------- Zus„tzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\nxjjgdn0.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link mogu videti samo ulogovani korisnici] FF -: plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF -: plugin - C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-08-13 11:01:22 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ********************************************************************** . ------------------------ Weitere, laufende Prozesse ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe . ************************************************************************ . Zeit der Fertigstellung: 2008-08-13 11:08:03 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-08-13 09:07:47 Pre-Run: 12 Verzeichnis(se), 10,643,001,344 Bytes frei Post-Run: 15 Verzeichnis(se), 15,910,477,824 Bytes frei 226 --- E O F --- 2008-08-12 20:07:04 Dopuna: 13 Avg 2008 12:30 E nema vise onog dosadnog prozorcica koji prijavljuje da mi je comp inficiran. Sinoc kasno sam defragmentizovala diskove,e evo malo pre pokusala da udjem u disk C i ne prijavljuje uopste onaj prozorcic. Sad mi bas nista nije jasno. Kako je to nestalo,a nista nisam brisala iz compa?

Profil

bobby Poslao: 13 Avg 2008 20:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovaj program, ComboFix, on je obrisao gomilu toga. Javaljam se kasnije. Moram da proverim log i da vidim ima li jos cega loseg u njemu. Dopuna: 13 Avg 2008 20:12 1) Preuzmi program SmitFraudFix sa ovog linka. 2.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ] 3.) Pronađi i dvoklikom pokreni fajl Smitfraudfix.exe. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pritisni bilo koje dugme na tastaturi za prelazak na sledeći korak. 4.) 5.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. 6.) Biće ti postavljeno pitanje: "Registry cleaning - Do you want to clean the registry ?" odgovori "Yes" kucajući Y (i potvrdi sa Enter) 7.) Program će takođe proveriti da li je wininet.dll inficiran. Ukoliko jeste, bićeš upitan(a) oko zamene wininet.dll. Odgovori "Yes" na pitanje "Replace infected file ?" kucajući Y (i potvrdi sa Enter) Nakon što SmitFraudFix završi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svež HJT log.

Profil

moosawa Poslao: 15 Avg 2008 12:50 Idi na vrh
offline moosawa Novi MyCity građanin Pridružio: 26 Maj 2008 Poruke: 19 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo napravila sam sve kako si rekao. Nadam se da je dobro. I htela bih da napomenem,da mi je comp pre nekoliko sati ponovo poludeo. Instalirala sam neke programe ne compu i posle toga je poceo da ludi (ne znam da li je zbog tih programa,antivirus nije prijavljivao nista). Restartovao se sam nekoliko puta i pokusajem da udjem u disk C: i G: (Za G: je prijavljivao da je ostecen i da se ne moze otvoriti)zakoci ceo comp.Onda sam ga ugasila i ostavila nekih pola sata,i kada sam ga ponovo upalila sve je u redu.Bar za sada.Ne znam ima li ovo nekog znacaja,ali cisto da napomenem. A evo i izvestaja: SmitFraudFix v2.336 Scan done at 22:48:22,71, 13.08.2008 Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC - Paketplaner-Miniport DNS Server Search Order: 195.34.133.21 DNS Server Search Order: 195.34.133.22 HKLM\SYSTEM\CCS\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CS1\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CS2\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CS3\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:24:14, on 13.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\vVX6000.exe C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\programme\slide\slide.exe C:\Programme\Internet Download Manager\IDMan.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\User\Desktop\Neuer Ordner\Komplikovano.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = vie.surfer.at:8080 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [slide.exe] c:\programme\slide\slide.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe O8 - Extra context menu item: &Search - [Link mogu videti samo ulogovani korisnici] O8 - Extra context menu item: Download aller Links mit IDM - C:\Programme\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - C:\Programme\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download mit IDM - C:\Programme\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: RapidShare-Download - [Link mogu videti samo ulogovani korisnici]\DOKUME~1\User\LOKALE~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Quick Login [Link mogu videti samo ulogovani korisnici] - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing) O9 - Extra 'Tools' menuitem: &Quick Login [Link mogu videti samo ulogovani korisnici] - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [Link mogu videti samo ulogovani korisnici] O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 9734 bytes P.S.Jedno veliko HVALA na trudu. Dopuna: 15 Avg 2008 12:50 Jel ovo ne javljanje znaci da je sve u redu sa compom,ili samo nemate vremena??? Ja nemam vise nikakvih problema,ali htela sam samo i vase misljenje da cujem. Hvala unapred.

Profil

bobby Poslao: 15 Avg 2008 14:43 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvinjavam se, zaboravio sam da nisam odgovorio u temi... Moracu da te zamolim da napravis jos jedan ComboFix log i da ga okacis ovde. Mislim da komp jeste cist. Ostalo je bilo par fajlova koje je SmitFraudFix trebao da pocisti (ostaci nekih infekcija, neaktivni), ali se u logu ne vidi da li je odradio posao, zato te molim za jos jedan ComboFix log.

Profil

moosawa Poslao: 16 Avg 2008 01:42 Idi na vrh
offline moosawa Novi MyCity građanin Pridružio: 26 Maj 2008 Poruke: 19 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo jos jedan ComboFix log. Nije bitno sto si zaboravio.HVALA sto si mi pomogao.

Profil

bobby Poslao: 16 Avg 2008 08:42 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A gde je log?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Ne mogu da pronadjem virus

Ko je trenutno na forumu

Ukupno su 991 korisnika na forumu :: 63 registrovanih, 6 sakrivenih i 922 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Abebe Bikila, acatomic, Asteker, Atomski čoban, bigfoot, bobomicek, Boris BM, branko7, Car89, DavidA, debeli, Dekanovic, DJUNTA, Dogma21, Electron, Giro77, Gitzherai, goran.vvv, gregorxix, Heisenberg99, janezek67, jodzula, jon istvan, kokodakalo, ljuba, madza, majstro, marko.markovic, mean_machine, Metanoja, MiG-29M2, mile33, milenko crazy north, Mićko, Myamoto Musashi, nebidrag, nemkea71, nikolapetkovic, pein, Petar888, Pilence, ping15, precan, Prečanin30, reakcija1989, repac, sedan, Shinobi, Sirius, Siti2, stegonosa, strelac07, Tumansky, Velizar Laro, Velički, Vl veliki, Vlad000, vlado_pg, voja64, W123, zlaya011, Zoca, Žoržo

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by