MyCity » Ambulanta -> Arhiva Ambulante » Problem sa IE, molim pomoć

Problem sa IE, molim pomoć

Napisano na dan: 27.2.2008

Strana:
1
2

Problem sa IE, molim pomoć

Sledeća strana

Pagination

Odgovori

Strana:
1
2

petar1975 Poslao: 27 Feb 2008 12:28 Idi na vrh
offline petar1975 Građanin Pridružio: 27 Feb 2008 Poruke: 30 Gde živiš: Modriča	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prije svega pozdrav svima. Kao browser korististim Firefox, ali mi IE s vremena na vrijeme pokušava da uspostavi vezu sa http//s3.cookingluck.com/ ali ne uspjeva. Otvara prvo jedan, a zatim 5-15 prozora, kako kad. Ako ne griješim treba i hj logfile. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:50:17, on 27.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DAP\DAP.EXE C:\Documents and Settings\Petar\Desktop\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC Check-up\PCCheckUp.exe" -mini O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]* O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2d15d7526dd74b a185585bcfe79ab988 O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2d15d7526dd74b a185585bcfe79ab988 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] /client/wuweb_site.cab?1189613232187 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: bxlrvps - {B4C5266E-3F3E-4291-87A4-A4ED66E8F894} - (no file) O21 - SSODL: alofkmn - {3F19339A-3011-4245-9C30-364779039F62} - C:\WINDOWS\alofkmn.dll (file missing) O21 - SSODL: KernelAvp - {37a84b5f-85eb-460c-a0e9-7797ab1b4e17} - C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\K ernelAvp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - IVT Corporation. - (no file) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - (no file) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -- End of file - 7337 bytes

Profil

helen1 Poslao: 27 Feb 2008 13:22 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz, molim te pre svega promeni ime fajla HiJackThis_v2.exe u neko drugo. Npr.petar.exe i onda skeniraj i postavi novi HJT log.

Profil

petar1975 Poslao: 27 Feb 2008 13:29 Idi na vrh
offline petar1975 Građanin Pridružio: 27 Feb 2008 Poruke: 30 Gde živiš: Modriča	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ime je promenjeno. Novi log Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 13:27:52, on 27.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\TurboLaunch\TurboLaunch.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Documents and Settings\Petar\Desktop\sorry.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC Check-up\PCCheckUp.exe" -mini O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]* O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2d15d7526dd74ba185585bcfe79ab988 O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2d15d7526dd74ba185585bcfe79ab988 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: bxlrvps - {B4C5266E-3F3E-4291-87A4-A4ED66E8F894} - (no file) O21 - SSODL: alofkmn - {3F19339A-3011-4245-9C30-364779039F62} - C:\WINDOWS\alofkmn.dll (file missing) O21 - SSODL: KernelAvp - {37a84b5f-85eb-460c-a0e9-7797ab1b4e17} - C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - IVT Corporation. - (no file) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - (no file) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -- End of file - 7427 bytes

Profil

helen1 Poslao: 27 Feb 2008 17:22 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

petar1975 Poslao: 28 Feb 2008 11:42 Idi na vrh
offline petar1975 Građanin Pridružio: 27 Feb 2008 Poruke: 30 Gde živiš: Modriča	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dok je combofix skenirao, IE je se ponovno pokretao 10ak puta ComboFix 08-02-25.3 - Petar 2008-02-27 17:23:51.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.551 [GMT 1:00] Running from: C:\Documents and Settings\Petar\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))) . 2008-02-27 13:46 . 2008-02-27 13:46 <DIR> d-------- C:\VundoFix Backups 2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini 2008-02-27 10:11 . 2008-02-27 10:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com 2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout 2008-02-26 23:52 . 2008-02-27 14:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft 2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-26 21:43 . 2008-02-26 21:43 0 --a------ C:\WINDOWS\system32\BSPRINT.INI 2008-02-26 20:31 . 2008-02-26 20:31 <DIR> d-------- C:\WINDOWS\PC Check-up 2008-02-26 20:31 . 2008-02-26 20:37 <DIR> d-------- C:\Program Files\PC Check-up 2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe 2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone 2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html 2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll 2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll 2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock 2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll 2008-02-26 13:56 . 2008-02-26 06:35 90,112 --a------ C:\WINDOWS\fkxvkns.exe 2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg 2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft 2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek 2008-02-25 15:17 . 2008-02-25 15:17 <DIR> d-------- C:\EasyBoot 2008-02-25 08:01 . 2008-02-25 21:36 <DIR> d-------- C:\Program Files\nLite 2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS 2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys 2008-02-12 00:31 . 2008-02-12 00:31 <DIR> d-------- C:\Program Files\ASUS 2008-02-12 00:31 . 2006-01-10 16:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll 2008-02-12 00:31 . 2006-10-19 03:12 12,664 --a------ C:\WINDOWS\system32\drivers\AsIO.sys 2008-02-12 00:31 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys 2008-02-12 00:31 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys 2008-02-12 00:04 . 2008-02-12 00:04 280 --a------ C:\WINDOWS\game.ini 2008-02-11 00:18 . 2008-02-11 00:18 <DIR> d-------- C:\WINDOWS\system32\Der neue SEAT Toledo dir 2008-02-11 00:18 . 2008-02-11 00:18 197,120 --a------ C:\WINDOWS\system32\Der neue SEAT Toledo.scr 2008-02-11 00:12 . 2008-02-11 00:12 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-02-11 00:11 . 2008-02-11 00:11 <DIR> d-------- C:\Program Files\SEAT 2008-02-11 00:11 . 2006-05-24 18:14 3,905,099 --a------ C:\WINDOWS\system32\fr_series_screensaver.scr 2008-02-10 23:13 . 2008-02-16 23:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-10 23:13 . 2008-02-10 23:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-09 21:49 . 2008-02-11 22:16 <DIR> d-------- C:\Program Files\Gigatron Konfygurator 2008-02-05 06:12 . 2008-02-05 06:12 36,864 --a------ C:\t2qg 2008-02-04 15:07 . 2008-02-11 18:42 <DIR> d-------- C:\Program Files\Activision 2008-01-31 13:48 . 1999-03-24 12:10 102,400 --a------ C:\WINDOWS\system32\nslock15vb6.ocx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO 2008-02-27 12:55 341,242 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat 2008-02-27 10:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia 2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-27 09:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-27 01:39 --------- d-----w C:\Program Files\AdVantage 2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour 2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran 2008-02-26 20:16 --------- d-----w C:\Program Files\TP 2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan 2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC 2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2 2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack 2008-02-26 19:53 --------- d-----w C:\Program Files\eMule 2008-02-26 19:52 --------- d-----w C:\Program Files\DivX 2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer 2008-02-26 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe 2008-02-26 13:21 --------- d-----w C:\Program Files\SpeedFan 2008-02-16 17:22 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus 2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe 2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ 2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker 2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006 2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler 2008-01-31 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec 2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-17 21:35 --------- d-----w C:\Program Files\RocketReader KidsV3 2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\RocketReader 2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx 2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools 2008-01-14 21:15 --------- d-----w C:\Program Files\Free DVD Ripper 2008-01-14 20:52 --------- d-----w C:\Program Files\uplink 2008-01-12 18:19 --------- d-----w C:\Documents and Settings\Petar\Application Data\Gena01 2008-01-08 22:08 --------- d-----w C:\Documents and Settings\Petar\Application Data\uTorrent 2008-01-08 22:03 --------- d-----w C:\Program Files\Macromedia 2008-01-08 22:03 --------- d-----w C:\Program Files\Common Files\Macromedia 2008-01-08 22:02 --------- d-----w C:\Program Files\Hamachi 2008-01-08 22:01 --------- d-----w C:\Program Files\HackCleaner 2008-01-08 22:00 --------- d-----w C:\Program Files\Fast Folder Access 2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys 2008-01-08 21:58 --------- d-----w C:\Program Files\VSO 2008-01-08 21:58 --------- d-----w C:\Documents and Settings\Petar\Application Data\Vso 2008-01-08 21:50 --------- d-----w C:\Program Files\01-mp3search 2008-01-08 21:36 --------- d-----w C:\Program Files\CDisplay 2008-01-07 15:56 --------- d-----w C:\Program Files\Winamp 2008-01-07 14:19 --------- d-----w C:\Program Files\Total Video Converter 2008-01-04 21:13 --------- d-----w C:\Program Files\XP Codec Pack 2007-12-30 22:26 --------- d-----w C:\Documents and Settings\Petar\Application Data\TypingMaster7 2007-12-29 01:26 --------- d-----w C:\Documents and Settings\Petar\Application Data\LimeWire 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "PC-Checkup"="C:\Program Files\PC Check-up\PCCheckUp.exe" [ ] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "alofkmn"= {3F19339A-3011-4245-9C30-364779039F62} - C:\WINDOWS\alofkmn.dll [ ] "KernelAvp"= {37a84b5f-85eb-460c-a0e9-7797ab1b4e17} - C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll [2008-02-26 13:56 17958] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background "Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" "Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 "snpstd3"=C:\WINDOWS\vsnpstd3.exe "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\SIERRA\\Half-Life\\hl.exe"= "C:\\SIERRA\\Half-Life\\hlds.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "C:\\Program Files\\My Drivers\\MyDrivers.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcd7781-7da0-11dc-b145-0017319b95e3}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}] \Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6360c3e-9b6d-11dc-b191-0017319b95e3}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-27 17:25:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\system32\BsLangInDepRes.dll -> C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll . Completion time: 2008-02-27 17:25:49 ComboFix-quarantined-files.txt 2008-02-27 16:25:34 ComboFix2.txt 2008-02-27 13:42:26 . 2007-09-13 08:16:44 --- E O F --- Dopuna: 27 Feb 2008 18:03 Odoh ja u noćnu. Do sutra ujutru. Nadam se nekoj pomoći do tada Hvala. Dopuna: 28 Feb 2008 11:42 Vratio sam se. Ima li koga?

Profil

helen1 Poslao: 28 Feb 2008 13:13 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ima.Imaj malo strpljenja,mi ovo radimo dobrovoljno i kada imamo vremena. Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "alofkmn"=- "KernelAvp"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

petar1975 Poslao: 28 Feb 2008 15:03 Idi na vrh
offline petar1975 Građanin Pridružio: 27 Feb 2008 Poruke: 30 Gde živiš: Modriča	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02-25.3 - Petar 2008-02-28 13:37:48.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.610 [GMT 1:00] Running from: C:\Documents and Settings\Petar\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Petar\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))) . 2008-02-27 13:46 . 2008-02-27 13:46 <DIR> d-------- C:\VundoFix Backups 2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini 2008-02-27 10:11 . 2008-02-27 10:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com 2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout 2008-02-26 23:52 . 2008-02-27 14:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft 2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-26 21:43 . 2008-02-26 21:43 0 --a------ C:\WINDOWS\system32\BSPRINT.INI 2008-02-26 20:31 . 2008-02-26 20:31 <DIR> d-------- C:\WINDOWS\PC Check-up 2008-02-26 20:31 . 2008-02-26 20:37 <DIR> d-------- C:\Program Files\PC Check-up 2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe 2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone 2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html 2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll 2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll 2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll 2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock 2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll 2008-02-26 13:56 . 2008-02-26 06:35 90,112 --a------ C:\WINDOWS\fkxvkns.exe 2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg 2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft 2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek 2008-02-25 15:17 . 2008-02-25 15:17 <DIR> d-------- C:\EasyBoot 2008-02-25 08:01 . 2008-02-25 21:36 <DIR> d-------- C:\Program Files\nLite 2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS 2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys 2008-02-12 00:31 . 2008-02-12 00:31 <DIR> d-------- C:\Program Files\ASUS 2008-02-12 00:31 . 2006-01-10 16:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll 2008-02-12 00:31 . 2006-10-19 03:12 12,664 --a------ C:\WINDOWS\system32\drivers\AsIO.sys 2008-02-12 00:31 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys 2008-02-12 00:31 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys 2008-02-12 00:04 . 2008-02-12 00:04 280 --a------ C:\WINDOWS\game.ini 2008-02-11 00:18 . 2008-02-11 00:18 <DIR> d-------- C:\WINDOWS\system32\Der neue SEAT Toledo dir 2008-02-11 00:18 . 2008-02-11 00:18 197,120 --a------ C:\WINDOWS\system32\Der neue SEAT Toledo.scr 2008-02-11 00:12 . 2008-02-11 00:12 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-02-11 00:11 . 2008-02-11 00:11 <DIR> d-------- C:\Program Files\SEAT 2008-02-11 00:11 . 2006-05-24 18:14 3,905,099 --a------ C:\WINDOWS\system32\fr_series_screensaver.scr 2008-02-10 23:13 . 2008-02-16 23:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-10 23:13 . 2008-02-10 23:13 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-09 21:49 . 2008-02-11 22:16 <DIR> d-------- C:\Program Files\Gigatron Konfygurator 2008-02-05 06:12 . 2008-02-05 06:12 36,864 --a------ C:\t2qg 2008-02-04 15:07 . 2008-02-11 18:42 <DIR> d-------- C:\Program Files\Activision 2008-01-31 13:48 . 1999-03-24 12:10 102,400 --a------ C:\WINDOWS\system32\nslock15vb6.ocx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO 2008-02-27 12:55 341,242 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat 2008-02-27 10:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia 2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-27 09:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-27 01:39 --------- d-----w C:\Program Files\AdVantage 2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour 2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran 2008-02-26 20:16 --------- d-----w C:\Program Files\TP 2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan 2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC 2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2 2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack 2008-02-26 19:53 --------- d-----w C:\Program Files\eMule 2008-02-26 19:52 --------- d-----w C:\Program Files\DivX 2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer 2008-02-26 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe 2008-02-26 13:21 --------- d-----w C:\Program Files\SpeedFan 2008-02-16 17:22 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus 2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe 2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ 2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker 2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006 2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler 2008-01-31 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec 2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-17 21:35 --------- d-----w C:\Program Files\RocketReader KidsV3 2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\RocketReader 2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx 2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools 2008-01-14 21:15 --------- d-----w C:\Program Files\Free DVD Ripper 2008-01-14 20:52 --------- d-----w C:\Program Files\uplink 2008-01-12 18:19 --------- d-----w C:\Documents and Settings\Petar\Application Data\Gena01 2008-01-08 22:08 --------- d-----w C:\Documents and Settings\Petar\Application Data\uTorrent 2008-01-08 22:03 --------- d-----w C:\Program Files\Macromedia 2008-01-08 22:03 --------- d-----w C:\Program Files\Common Files\Macromedia 2008-01-08 22:02 --------- d-----w C:\Program Files\Hamachi 2008-01-08 22:01 --------- d-----w C:\Program Files\HackCleaner 2008-01-08 22:00 --------- d-----w C:\Program Files\Fast Folder Access 2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys 2008-01-08 21:58 --------- d-----w C:\Program Files\VSO 2008-01-08 21:58 --------- d-----w C:\Documents and Settings\Petar\Application Data\Vso 2008-01-08 21:50 --------- d-----w C:\Program Files\01-mp3search 2008-01-08 21:36 --------- d-----w C:\Program Files\CDisplay 2008-01-07 15:56 --------- d-----w C:\Program Files\Winamp 2008-01-07 14:19 --------- d-----w C:\Program Files\Total Video Converter 2008-01-04 21:13 --------- d-----w C:\Program Files\XP Codec Pack 2007-12-30 22:26 --------- d-----w C:\Documents and Settings\Petar\Application Data\TypingMaster7 2007-12-29 01:26 --------- d-----w C:\Documents and Settings\Petar\Application Data\LimeWire 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696] "PC-Checkup"="C:\Program Files\PC Check-up\PCCheckUp.exe" [ ] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "KernelAvp"= {37a84b5f-85eb-460c-a0e9-7797ab1b4e17} - C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll [2008-02-26 13:56 17958] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background "Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" "Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 "snpstd3"=C:\WINDOWS\vsnpstd3.exe "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\SIERRA\\Half-Life\\hl.exe"= "C:\\SIERRA\\Half-Life\\hlds.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "C:\\Program Files\\My Drivers\\MyDrivers.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcd7781-7da0-11dc-b145-0017319b95e3}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}] \Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6360c3e-9b6d-11dc-b191-0017319b95e3}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-28 13:41:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\system32\BsLangInDepRes.dll -> C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll . Completion time: 2008-02-28 13:42:33 ComboFix-quarantined-files.txt 2008-02-28 12:42:16 ComboFix2.txt 2008-02-27 16:25:49 ComboFix3.txt 2008-02-27 13:42:26 . 2007-09-13 08:16:44 --- E O F --- Dopuna: 28 Feb 2008 14:01 Nešto je krenulo po zlu. Posle skeniranja Combofixa, računar je počeo da "šteka". Restartovao sam ga normalno Start-isključi-ponovo pokreni sistem, i posle toga radi samo u Safe modu. Dopuna: 28 Feb 2008 15:03 Došao je sebi, posle par restartovanja, a IE se i dalje isto ponaša. Ako pretjerujem s informacijama slobodno me opomenite.

Profil

helen1 Poslao: 28 Feb 2008 15:07 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne preterujes Ono sto smo pokusali da uklonimo sa onom skriptom nije otislo.Tako da ces malo sacekati dok se posavetujem sa kolegama i vidimo sta cemo dalje. Mozes li malo da opises kako nisi mogao da startujes Windows normalno,jel bilo neke poruke...?

Profil

petar1975 Poslao: 28 Feb 2008 15:30 Idi na vrh
offline petar1975 Građanin Pridružio: 27 Feb 2008 Poruke: 30 Gde živiš: Modriča	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada je combofix završio skeniranje, slika na monitoru je izgubila "tečnost" tj. prilikom promjene aktivnih prozora, prozori se nisu izmjenjivali u momentu nego kao sa onim efektom u videu odozgo prema dole, ako razumiješ. Potom sam ga restartovao, prođe windows logo i onda samo crn ekran. Ponovo restart, sada na silu, pa start windows normaly, opet isto. Ponovo restart na silu, safe mode radi. Ponovo restart normalno neće, safe mode hoće. I tako dok nije došao sebi. Jest da sam malo popravio pritiskom RAM i grafičku dok je bio ugašen. Nikakva poruka ni slično. Dok ovo pišem IE ponovo napada. Prilikom zatvaranja javlja: iexplore.exe Apllication error. The instruction at "0x6484909"preferenced memory at "0x6484909". The memory could not be "read". Clic OK to terminate the program. Ovo se već prije javljalo ali nisam pomenuo

Profil

helen1 Poslao: 28 Feb 2008 20:05 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\fkxvkns.exe C:\WINDOWS\Installer\{37a84b5f-85eb-460c-a0e9-7797ab1b4e17}\KernelAvp.dll Folder:: C:\WINDOWS\PC Check-up C:\Program Files\PC Check-up C:\Program Files\AdVantage Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PC-Checkup"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "KernelAvp"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcd7781-7da0-11dc-b145-0017319b95e3}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6360c3e-9b6d-11dc-b191-0017319b95e3}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa IE, molim pomoć

Ko je trenutno na forumu

Ukupno su 1309 korisnika na forumu :: 185 registrovanih, 13 sakrivenih i 1111 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: -[CoA]-, 8u47, 9191vs, A.R.Chafee.Jr., Agape, Alooo, alternator, amstel, armor, Arsenije, Asteker, Ata81, Avalon015, babaroga, Banovo Brdo, bbogdan, bbrasnjo3, Betty25, Blair, Bojan198527, bojankrstc, bokisha253, bolenbgd, Boris90, bpvl, cavatina, ccoogg123, cemix, Centauro, Cicumile, cifra, Clouseau, csipetcsapat, Dambi, Dare, DeerHunter, Dejan_vw, dejanbenkovic, dendrit86, denisnapast2015, Dimitrise93, Django777, djboj, DJUNTA, Djuro2000, Dogma21, Dorcolac, drale12, Drugsparrow, Duh sa sekirom, dule10savic, Džekson, elenemste, Ezbuck, feanor, Feller, Frunze, g_g, galico, Gerila015, gomago, goran.vvv, gregorxix, Haris, hyla, Ice, iceburn, Igritelj, ikan, istina, ivan979, Jakonjveliki, JankoS, Jeremiah, Jerry Drake, Joksss, Jomini, kikisp, Kobrim, kolle.the.kid, Koridor, Koridor 11, Kubovac, kybonacci, lcc, Lelemood, Lester Freamon, Lieutenant, LostInSpaceandTime, Lucije Kvint, M74AB3, Mackomen, markoni.slo, Martin543, mačković, metallac777, Metanoja, Mi lao shu, miki kv, Miki01, Miki281, milanpb, milenko crazy north, milenko1980, Millennium, Milos1389, mir, MiroslavD, Mićko, mnn2, moldway, momcilob55, N.e.m.a.nj.a., neko iz mase, Nemanja.M, nemkea71, novator, padamacki, Pale2025, panzerwaffe, Papadubi, peradetlić, Petarvu, pfc74, Phalanx, Pilence, pisac12, Plavi Jadran, Podljub, Povratak1912, prashinar, PrincipL, promajauglavi, raf87, rakivan, raso7, rebro1974, repac, Resad76, RJ, ruso, S-lash, sap, sasovsky, share00, Shinobi, silikon, Simulink11000, Sir Budimir, Sićko, strelac07, synergia, TBoy, tenkiasta71, TheBeastOfMG, Trivo, UAV operator, uruk, Username1000, varda, vathra, vazduh, vensla, Vica1958, Vlad000, Vlado82, voja64, vojnik švejk, VOŽD, Vrač, vuk77, vukdra, vukovi, vuksa72, Vzor50, Wrangler, x011, XBMC, XRF_d, Zoca, zokilivac, zokizemun, Zorge, Zvone, zziko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by