Help

  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Avast reports BV:AutoRun-E [Wrm] to me, and whatever operation I perform, the same warning that I have a virus appears again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:02, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\DOCUME~1\Ivan\LOCALS~1\Temp\{1C057EAB-382E-42C7-ADB3-CC30DC4C5733}\InfoSystem_gadget_by_adni18.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\tempo-165.tmp
C:\Documents and Settings\Ivan\Desktop\New Folder\TR3.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: InfoSystem.lnk = C:\Documents and Settings\Ivan\My Documents\Customize\InfoSystem_gadget_by_adni18.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3398F7C9-3C64-4CE1-B93B-F82012B1124A}: NameServer = 85.255.112.156;85.255.112.190
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6196 bytes

Update: 25 Nov 2008 2:39

I did a system restore and the problem is solved.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

How about posting a new HijackThis log anyway?
Just to check, to be on the safe side, that everything is now in order...

  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

No problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:56, on 25.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\DOCUME~1\Ivan\LOCALS~1\Temp\{1C057EAB-382E-42C7-ADB3-CC30DC4C5733}\InfoSystem_gadget_by_adni18.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan\Desktop\TR3\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: InfoSystem.lnk = C:\Documents and Settings\Ivan\My Documents\Customize\InfoSystem_gadget_by_adni18.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6094 bytes
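The two HijackThis logs above are the kind of thing a helper reads line by line: the first one carries an O17 NameServer entry pointing at resolvers the user did not configure, a process running from the Temp folder and one from the Desktop, and the second one adds an R0 start page and an AskBar BHO. The following script is an added example (it is not code from this thread or from HijackThis) that parses those entry types and flags the ones worth a second look. The sample log lines are constructed from the entries quoted in the two posts; the resolver allowlist (EXPECTED_NAMESERVERS), the known-good URL host set and the "suspicious path" markers are assumptions you would replace with your own network's values.

```python
"""Triage a Trend Micro HijackThis 2.0 log for the entry types seen in this
thread. Added example; not code from the forum thread or from HijackThis."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Assumption: the resolvers this machine is *supposed* to use (router / ISP).
# Any other address in an O17 NameServer entry is reported.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

# Assumption: hosts that are normal for IE start/search pages on a clean box.
KNOWN_GOOD_URL_HOSTS = {"go.microsoft.com"}

# Path fragments where a persistently running binary normally does not live.
SUSPICIOUS_PATH_MARKERS = ("\\temp\\", "\\desktop\\")

# Constructed sample: entries copied from the two logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\TEMP\tempo-165.tmp
C:\Documents and Settings\Ivan\Desktop\New Folder\TR3.exe.exe
C:\DOCUME~1\Ivan\LOCALS~1\Temp\{1C057EAB-382E-42C7-ADB3-CC30DC4C5733}\InfoSystem_gadget_by_adni18.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3398F7C9-3C64-4CE1-B93B-F82012B1124A}: NameServer = 85.255.112.156;85.255.112.190
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # "process", "R0", "R1", "O2", "O17" or "O23"
    line: str
    reason: str


def parse_nameserver(line: str) -> list[str]:
    """Return the IPs listed in an O17 NameServer entry (';' or ',' separated)."""
    m = re.search(r"NameServer\s*=\s*([0-9.;,\s]+)", line)
    if not m:
        return []
    return [ip for ip in re.split(r"[;,\s]+", m.group(1)) if ip]


def url_host(line: str) -> str:
    """Host part of the URL after '=' in an R0/R1 line; '' if there is none."""
    m = re.search(r"=\s*(\S+)", line)
    if not m:
        return ""
    url = re.sub(r"^https?://", "", m.group(1), flags=re.IGNORECASE)
    return url.split("/", 1)[0].lower()


def triage(lines) -> list[Finding]:
    """Walk the log once; the 'Running processes:' block ends at the first blank line."""
    findings: list[Finding] = []
    in_procs = False
    for raw in lines:
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False
                continue
            low = line.lower()
            if any(marker in low for marker in SUSPICIOUS_PATH_MARKERS):
                findings.append(Finding("process", line, "running from a temp/desktop location"))
            continue
        tag = line.split(" ", 1)[0]
        if tag in ("R0", "R1"):
            host = url_host(line)
            if host and host not in KNOWN_GOOD_URL_HOSTS:
                findings.append(Finding(tag, line, f"IE page/search URL points at {host}"))
        elif tag == "O2" and line.endswith("(no file)"):
            findings.append(Finding(tag, line, "BHO registered but its DLL is missing (orphan)"))
        elif tag == "O17":
            bad = [ip for ip in parse_nameserver(line) if ip not in EXPECTED_NAMESERVERS]
            if bad:
                findings.append(Finding(tag, line, "unexpected DNS server(s): " + ", ".join(bad)))
        elif tag == "O23" and line.endswith("(file missing)"):
            findings.append(Finding(tag, line, "service registered but its binary is missing (orphan)"))
    return findings


def summarize(findings) -> dict[str, int]:
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG.splitlines())))
```

The O17 check is the one that matters most for a "virus keeps coming back" complaint: an unexpected NameServer survives a system restore of program files and silently redirects every lookup, so it deserves to be verified against what the router or ISP actually hands out before any log is declared clean.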

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

Right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleanup is finished.

--------------------------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

ComboFix 08-11-26.03 - Ivan 2008-11-26 23:40:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.582 [GMT 1:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-26 15:23 . 2008-11-26 15:23 <DIR> d-------- c:\windows\system32\scripting
2008-11-26 15:23 . 2008-11-26 15:23 <DIR> d-------- c:\windows\system32\en
2008-11-26 15:23 . 2008-11-26 15:23 <DIR> d-------- c:\windows\l2schemas
2008-11-26 15:00 . 2008-04-14 01:12 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-11-26 15:00 . 2008-04-14 01:12 346,112 --------- c:\windows\system32\windowscodecsext.dll
2008-11-26 15:00 . 2008-04-14 01:12 276,992 --------- c:\windows\system32\wmphoto.dll
2008-11-26 15:00 . 2008-04-14 01:12 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-26 15:00 . 2008-04-14 01:12 53,248 --------- c:\windows\system32\tsgqec.dll
2008-11-26 15:00 . 2008-04-14 01:12 50,688 --------- c:\windows\system32\tspkg.dll
2008-11-26 15:00 . 2008-04-14 01:12 32,768 --------- c:\windows\system32\setupn.exe
2008-11-26 15:00 . 2008-04-13 19:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-11-26 14:58 . 2008-04-14 01:11 397,312 --------- c:\windows\system32\mmcex.dll
2008-11-26 14:57 . 2008-04-14 01:11 650,752 --------- c:\windows\system32\dot3ui.dll
2008-11-26 14:56 . 2008-04-14 01:11 136,192 --------- c:\windows\system32\aaclient.dll
2008-11-26 11:21 . 2008-11-26 16:10 1,393 --a------ c:\windows\imsins.BAK
2008-11-26 11:15 . 2008-11-26 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-11-25 11:59 . 2008-11-25 16:01 <DIR> d-------- c:\documents and settings\Ivan\Application Data\FrostWire
2008-11-25 11:58 . 2008-11-25 11:59 <DIR> d-------- c:\program files\FrostWire
2008-11-25 11:49 . 2008-11-25 11:50 <DIR> d-------- c:\program files\AskBarDis
2008-11-25 02:28 . 2008-11-25 02:28 <DIR> d-------- c:\program files\Innovative Solutions
2008-11-25 01:35 . 2008-11-25 02:28 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-25 01:35 . 2008-11-25 01:35 <DIR> d-------- c:\documents and settings\Ivan\Application Data\SUPERAntiSpyware.com
2008-11-25 00:37 . 2008-11-25 00:37 <DIR> d-------- c:\documents and settings\Ivan\DoctorWeb
2008-11-24 09:36 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-24 09:36 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-23 23:12 . 2008-11-23 23:12 <DIR> d-------- c:\program files\Panda Security
2008-11-23 22:53 . 2008-11-23 22:57 <DIR> d-------- c:\documents and settings\Ivan\.housecall6.6
2008-11-23 20:48 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-23 20:40 . 2008-11-23 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater(2)
2008-11-23 20:36 . 2008-11-23 20:49 <DIR> d-------- c:\windows\LastGood(2)
2008-11-23 17:02 . 2008-11-23 23:15 <DIR> d-------- c:\program files\Google
2008-11-22 04:23 . 2004-08-04 08:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-21 23:17 . 2008-11-21 23:17 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-21 18:17 . 2008-11-21 18:17 <DIR> d-------- c:\windows\Sun
2008-11-21 17:54 . 2008-11-21 17:54 <DIR> d-------- c:\program files\Java
2008-11-21 17:54 . 2008-11-21 17:54 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-21 17:54 . 2008-11-21 17:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-21 17:39 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-21 17:38 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-21 17:38 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-21 17:38 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-21 17:18 . 2006-12-03 17:15 111,104 --a------ c:\windows\system32\uharc.exe
2008-11-21 17:18 . 2004-09-03 23:43 199 --a------ c:\windows\system32\paypal.url
2008-11-21 17:18 . 2006-05-26 22:54 83 --a------ c:\windows\system32\winx.url
2008-11-21 15:57 . 2008-11-21 18:44 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-21 15:01 . 2008-11-21 15:01 <DIR> d-------- c:\program files\Hawking
2008-11-21 15:01 . 2005-10-28 11:38 402,432 --a------ c:\windows\system32\drivers\ZD1211BU.sys
2008-11-21 15:01 . 2004-01-14 11:25 81,920 --a------ c:\windows\system32\ZDPN50.DLL
2008-11-21 15:01 . 2005-03-18 15:35 31,744 --a------ c:\windows\system32\drivers\ZDPSp50a64.sys
2008-11-21 15:01 . 2005-06-08 18:44 29,184 --a------ c:\windows\system32\drivers\BRGSp50a64.sys
2008-11-21 15:01 . 2004-03-23 16:38 28,672 --a------ c:\windows\system32\InsDrvZD.dll
2008-11-21 15:01 . 2003-03-14 12:24 24,576 --a------ c:\windows\system32\ZyDelReg.exe
2008-11-21 15:01 . 2005-06-08 18:44 20,608 --a------ c:\windows\system32\drivers\BRGSp50.sys
2008-11-21 15:01 . 2004-10-25 13:40 17,664 --a------ c:\windows\system32\drivers\ZDPSp50.sys
2008-11-21 15:01 . 2004-01-14 11:30 17,151 --a------ c:\windows\system32\ZDPNDIS5.SYS
2008-11-21 15:01 . 2005-07-12 14:44 15,872 --a------ c:\windows\system32\InsDrvZD64.DLL
2008-11-19 15:02 . 2008-11-19 15:02 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-11-19 14:52 . 2008-11-19 14:53 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-18 02:14 . 2008-11-18 02:14 57,284 --ah----- c:\windows\system32\mlfcache.dat
2008-11-18 00:01 . 2008-11-18 00:01 <DIR> d-------- c:\documents and settings\Ivan\Application Data\Apple Computer
2008-11-17 23:52 . 2008-11-17 23:52 <DIR> d-------- c:\program files\MSECache
2008-11-17 11:09 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-16 12:08 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-15 00:58 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-14 20:12 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-11 09:30 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-10 11:10 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-10 10:49 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-09 19:45 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-08 19:12 . 2008-11-09 15:56 <DIR> d-------- C:\platodvdripper
2008-11-08 18:20 . 2008-11-08 18:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-08 14:24 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-07 16:01 . 2008-11-07 16:01 <DIR> d-------- c:\windows\provisioning
2008-11-07 16:01 . 2008-11-26 15:23 <DIR> d-------- c:\windows\peernet
2008-11-07 15:59 . 2008-11-26 15:24 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-07 15:51 . 2008-11-26 15:10 <DIR> d-------- c:\windows\EHome
2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-05 09:39 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-05 09:39 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-05 09:39 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-05 09:39 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-02 19:56 . 2008-10-23 13:23 1,488,688 --a------ c:\windows\system32\legitcheckcontrol.dll.bak
2008-11-02 19:56 . 2008-10-23 04:15 332,672 --a------ c:\windows\system32\wgatray.exe.bak
2008-11-02 19:56 . 2008-10-23 04:15 200,064 --a------ c:\windows\system32\wgalogon.dll.bak
2008-10-31 20:11 . 2008-10-31 20:11 <DIR> d-------- c:\documents and settings\Ivan\Application Data\Uniblue
2008-10-29 12:56 . 2008-10-29 13:04 <DIR> d-------- c:\documents and settings\Ivan\Application Data\vlc
2008-10-29 01:04 . 2008-10-29 12:45 <DIR> d-------- c:\documents and settings\Ivan\Application Data\vlc(2)
2008-10-26 14:13 . 2008-11-14 16:04 <DIR> d-------- c:\documents and settings\Ivan\Application Data\Rainlendar
2008-10-26 14:12 . 2008-10-26 14:12 <DIR> d-------- c:\program files\Rainlendar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 16:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-25 01:45 --------- d-----w c:\documents and settings\Ivan\Application Data\IObit
2008-11-25 01:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-24 09:13 --------- d-----w c:\program files\IObit
2008-11-21 14:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 18:32 67,752 ----a-w c:\documents and settings\Ivan\Application Data\GDIPFONTCACHEV1.DAT
2008-11-07 17:03 163,712 ----a-w c:\windows\system32\drivers\vidstub.sys
2008-11-07 15:44 --------- d-----w c:\program files\MSN Messenger
2008-11-03 10:47 --------- d-----w c:\documents and settings\Ivan\Application Data\MyPhoneExplorer
2008-10-29 11:45 --------- d-----w c:\documents and settings\Ivan\Application Data\dvdcss
2008-10-29 00:11 --------- d-----w c:\program files\Stardock
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 18:07 --------- d-----w c:\documents and settings\Ivan\Application Data\Vista Start Menu
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 20:12 --------- d-----w c:\documents and settings\Ivan\Application Data\DNA
2008-09-27 15:02 724,992 ----a-w c:\windows\iun6002.exe
2008-09-20 15:03 2,757,120 ----a-w c:\windows\system32\logonuiX.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-03 15:05 2,864 ----a-w c:\windows\system32\winsock.dll
2008-08-26 19:11 987,136 ----a-w c:\windows\system32\VSFilter.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-08-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-21 136600]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 c:\windows\system32\VTTrayp.exe]

c:\documents and settings\Ivan\Start Menu\Programs\Startup\
InfoSystem.lnk - c:\documents and settings\Ivan\My Documents\Customize\InfoSystem_gadget_by_adni18.exe [2007-07-06 760320]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2008-11-21 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2006-12-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-12-23 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-03 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-12-23 75925]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-12-23 36583]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2006-12-23 10005]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2006-12-23 9510]
R3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-11-21 402432]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2008-11-21 20608]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\Pareto UNS.job
- c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []

2006-12-24 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\pt9rdxqs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.rs/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-26 23:42:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-26 23:43:37
ComboFix-quarantined-files.txt 2008-11-26 22:43:17

Pre-Run: 13,115,940,864 bytes free
Post-Run: 13,143,449,600 bytes free

231 --- E O F --- 2008-11-26 15:10:14

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

The attached log shows no traces of malware.

What remains is to uninstall ComboFix ->
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Thanks for the effort
