MyCity » Ambulanta -> Arhiva Ambulante » Proverka Windows XP

Proverka Windows XP

Napisano na dan: 8.3.2008

Proverka Windows XP

Sledeća strana

Pagination

Odgovori

BaDMaN19 Poslao: 08 Mar 2008 19:25 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! kompjuterot raboti mnogu sporo i cesto pojavuva greski... .eve log od hijack this Logfile of HijackThis v1.99.1 Scan saved at 19:22:12, on 08.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\Microsoft Office\Office12\GrooveMonitor.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\WINDOWS\system32\smhost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\TuneUp Utilities 2007\Integrator.exe C:\Documents and Settings\Zoran\My Documents\ht\ht.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINDOWS\system32\wvuttsr.dll O2 - BHO: - {371C6960-302C-45D0-9504-50B820247439} - c:\Program Files\Indentix\WinGet\WinIE.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O2 - BHO: (no name) - {E84FFCA1-8436-4F9C-BB03-9B33F706D1F9} - C:\WINDOWS\system32\jkklj.dll O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TVWDMDrv] C:\WINDOWS\system32\drivers\tvwdmdrv.exe O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Spooler Host] smhost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - Global Startup: BlueSoleil.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with &WinGet - [Link mogu videti samo ulogovani korisnici]\Program Files\Indentix\WinGet\WinIE.dll/300 O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: wvuttsr - C:\WINDOWS\SYSTEM32\wvuttsr.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple mDNSResponder - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Profil

dr_Bora Poslao: 08 Mar 2008 22:52 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Vidim da imaš instalirana dva antivirus programa. Odluči se za jedan, a drugi deinstaliraj. ------------------------------------------------------------------------------------- 1) Pokreni HT, skeniraj i čekiraj sledeće linije: O4 - HKLM\..\Run: [Spooler Host] smhost.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present a zatim klikni Fix Checked. ------------------------------------------------------------------------------------- 2) Skini VundoFix: [Link mogu videti samo ulogovani korisnici] * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Fix Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt ------------------------------------------------------------------------------------- 3) Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

BaDMaN19 Poslao: 09 Mar 2008 21:33 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Gi zavrsiv site 3 raboti.. vo meguvreme gi izbrisav bitdefender i avast i sea imam instalirano ESET Smart Security... eve log od VundoFix VundoFix V7.0.1 Scan started at 21:05:46 09.03.2008 Listing files found while scanning.... C:\windows\system32\jkklj.dll C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini2 Beginning removal... Attempting to delete C:\windows\system32\jkklj.dll C:\windows\system32\jkklj.dll Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini2 C:\windows\system32\jlkkj.ini2 Has been deleted! Performing Repairs to the registry. Done! eve log od ComboFix ------------------------ ComboFix 08-03-09.1 - Zoran 2008-03-09 21:17:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.131 [GMT 1:00] Running from: C:\Documents and Settings\Zoran\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - svchost.exe: deleted 68 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cbxuspn.dll C:\WINDOWS\system32\Cfx32.lic C:\WINDOWS\system32\cfx32.ocx C:\WINDOWS\system32\ddcaxxv.dll C:\WINDOWS\system32\drivers\tvwdmdrv.exe C:\WINDOWS\system32\fccbyya.dll C:\WINDOWS\system32\gebaabx.dll C:\WINDOWS\system32\ljjkllm.dll C:\WINDOWS\system32\nnnkihe.dll C:\WINDOWS\system32\nnnklmm.dll C:\WINDOWS\system32\pmnoolm.dll C:\WINDOWS\system32\qomjijg.dll C:\WINDOWS\system32\rqrsrpn.dll C:\WINDOWS\system32\rqrsrqo.dll C:\WINDOWS\system32\urqpnki.dll C:\WINDOWS\system32\vtuuvwu.dll C:\WINDOWS\system32\wvuttsr.dll C:\WINDOWS\system32\wvuvtuu.dll C:\WINDOWS\system32\yayxvtr.dll . ((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))) . 2008-03-09 21:05 . 2008-03-09 21:11 <DIR> d-------- C:\VundoFix Backups 2008-03-08 20:03 . 2008-03-08 20:03 <DIR> d-------- C:\Program Files\ESET 2008-03-08 20:03 . 2008-03-08 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-03-08 19:30 . 2008-03-08 19:33 <DIR> d-------- C:\Program Files\DU Meter 2008-03-08 19:30 . 2008-03-08 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies 2008-03-08 19:18 . 2008-03-08 19:18 <DIR> d-------- C:\Documents and Settings\Zoran\Application Data\TuneUp Software 2008-03-08 19:17 . 2008-03-08 19:17 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007 2008-03-08 19:17 . 2008-03-08 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-08 19:17 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-03-07 22:02 . 2008-03-07 20:01 82,944 -r-hs---- C:\WINDOWS\system32\smhost.exe 2008-02-12 19:01 . 2008-02-12 19:03 <DIR> d-------- C:\Documents and Settings\Zoran\Application Data\mIRC . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-09 17:11 --------- d-----w C:\Documents and Settings\Zoran\Application Data\Skype 2008-03-09 17:01 --------- d-----w C:\Program Files\mIRC 2008-03-08 18:51 --------- d-----w C:\Program Files\Common Files\BitDefender 2008-03-08 18:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-01 15:23 --------- d-----w C:\Program Files\LimeWire 2008-03-01 15:06 --------- d-----w C:\Documents and Settings\Zoran\Application Data\BearShare 2008-01-14 13:30 --------- d-----w C:\Program Files\Macrogaming 2006-03-13 12:48 56 -csh--r C:\WINDOWS\system32\61EB0A14ED.sys 2006-03-13 12:48 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . `<pre> ----a-w 264,704 1995-03-01 01:10:00 C:\Documents and Settings\Zoran\Desktop\Igri\Buba mara .exe ----a-w 126,634 1991-11-12 07:35:22 C:\Documents and Settings\Zoran\Desktop\Igri\Memorija .exe </pre>` ------- Sigcheck ------- 2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2004-08-04 00:05 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\system32\ntkrnlpa.exe 2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\system32\VITrans\ntkrnlpa.exe 2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2004-08-03 22:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\system32\ntoskrnl.exe 2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\system32\VITrans\ntoskrnl.exe 2004-08-03 23:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\explorer.exe 2004-08-03 23:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\system32\VITrans\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF60906-FB3A-4381-BE96-CA28D2FD3F80}] C:\WINDOWS\system32\jkklj.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-03-08 19:33 2582288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 06:47 7311360] "GrooveMonitor"="D:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 06:47 86016] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) "NoLogoff"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttsr] wvuttsr.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Zoran^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\Zoran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent] --a------ 2001-06-18 09:49 94208 C:\Program Files\CyberLink\PowerVCRII\Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-01-02 18:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_3163968] --a------ 2005-06-03 18:30 301776 C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series] --a--c--- 2002-04-10 03:04 74240 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock] --a------ 2004-09-20 00:27 65536 C:\Program Files\LClock\LClock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2005-11-11 06:47 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a--c--- 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent] --a--c--- 2001-06-11 09:52 28672 C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-02-10 11:25 15969280 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2007-02-05 17:35 25370152 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler] --a------ 2006-05-03 09:48 307200 C:\Program Files\Styler\Styler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVdiag] --a------ 2001-08-17 11:25 158720 C:\PROGRA~1\GENIET~1\TVdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVremote] --a------ 2002-10-31 14:53 282624 C:\PROGRA~1\GENIET~1\TVremote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-01-19 11:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "D:\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Microsoft Office\\Office12\\GROOVE.EXE"= "D:\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\BearFlix\\bearflix.exe"= "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Documents and Settings\\Zoran\\My Documents\\mirc\\CS27+\\mIRC.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21] R2 Apple mDNSResponder;Apple mDNSResponder;C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe [2004-09-30 11:08] R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] S2 BT848;CxVCap, WDM Video Capture;C:\WINDOWS\system32\drivers\cxvcap.sys [2002-10-04 12:40] S2 BTTUNER;MPEG.TV, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [] S2 BTXBAR;MPEG.TV, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [] S2 CXTUNER;CxTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\CXTUNER.sys [2002-10-04 12:40] S2 CXXBAR;CxXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\CXXBAR.sys [2002-10-04 12:41] S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [] S3 ids00118;ids00118;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2008-03-08 18:18:20 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-03-09 21:24:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe . ************************************************************************ . Completion time: 2008-03-09 21:29:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-09 20:29:15 Pozdrav i cekam odgovor sto e mozno pobrzo

Profil

dr_Bora Poslao: 09 Mar 2008 22:40 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\smhost.exe Folder:: C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF60906-FB3A-4381-BE96-CA28D2FD3F80}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttsr]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

BaDMaN19 Poslao: 09 Mar 2008 23:19 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-03-09.1 - Zoran 2008-03-09 23:05:00.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.119 [GMT 1:00] Running from: C:\Documents and Settings\Zoran\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Zoran\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\smhost.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\VundoFix Backups C:\VundoFix Backups\addmorefiles.txt C:\VundoFix Backups\jkklj.dll.bad C:\VundoFix Backups\jlkkj.ini.bad C:\VundoFix Backups\jlkkj.ini2.bad C:\WINDOWS\system32\smhost.exe . ((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))) . 2008-03-08 20:03 . 2008-03-08 20:03 <DIR> d-------- C:\Program Files\ESET 2008-03-08 20:03 . 2008-03-08 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-03-08 19:30 . 2008-03-08 19:33 <DIR> d-------- C:\Program Files\DU Meter 2008-03-08 19:30 . 2008-03-08 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies 2008-03-08 19:18 . 2008-03-08 19:18 <DIR> d-------- C:\Documents and Settings\Zoran\Application Data\TuneUp Software 2008-03-08 19:17 . 2008-03-08 19:17 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007 2008-03-08 19:17 . 2008-03-08 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-08 19:17 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-02-12 19:01 . 2008-02-12 19:03 <DIR> d-------- C:\Documents and Settings\Zoran\Application Data\mIRC . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-09 22:04 --------- d-----w C:\Documents and Settings\Zoran\Application Data\Skype 2008-03-09 17:01 --------- d-----w C:\Program Files\mIRC 2008-03-08 18:51 --------- d-----w C:\Program Files\Common Files\BitDefender 2008-03-08 18:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-01 15:23 --------- d-----w C:\Program Files\LimeWire 2008-03-01 15:06 --------- d-----w C:\Documents and Settings\Zoran\Application Data\BearShare 2008-01-14 13:30 --------- d-----w C:\Program Files\Macrogaming 2008-01-06 13:35 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2006-03-13 12:48 56 -csh--r C:\WINDOWS\system32\61EB0A14ED.sys 2006-03-13 12:48 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . `<pre> ----a-w 264,704 1995-03-01 01:10:00 C:\Documents and Settings\Zoran\Desktop\Igri\Buba mara .exe ----a-w 126,634 1991-11-12 07:35:22 C:\Documents and Settings\Zoran\Desktop\Igri\Memorija .exe </pre>` ------- Sigcheck ------- 2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2004-08-04 00:05 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\system32\ntkrnlpa.exe 2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\system32\VITrans\ntkrnlpa.exe 2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2004-08-03 22:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\system32\ntoskrnl.exe 2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\system32\VITrans\ntoskrnl.exe 2004-08-03 23:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\explorer.exe 2004-08-03 23:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\system32\VITrans\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-03-08 19:33 2582288] "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 06:47 7311360] "GrooveMonitor"="D:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 06:47 86016] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) "NoLogoff"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Zoran^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\Zoran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent] --a------ 2001-06-18 09:49 94208 C:\Program Files\CyberLink\PowerVCRII\Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-01-02 18:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_3163968] --a------ 2005-06-03 18:30 301776 C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series] --a--c--- 2002-04-10 03:04 74240 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock] --a------ 2004-09-20 00:27 65536 C:\Program Files\LClock\LClock.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2005-11-11 06:47 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a--c--- 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent] --a--c--- 2001-06-11 09:52 28672 C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-02-10 11:25 15969280 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2007-02-05 17:35 25370152 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler] --a------ 2006-05-03 09:48 307200 C:\Program Files\Styler\Styler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVdiag] --a------ 2001-08-17 11:25 158720 C:\PROGRA~1\GENIET~1\TVdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVremote] --a------ 2002-10-31 14:53 282624 C:\PROGRA~1\GENIET~1\TVremote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-01-19 11:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "D:\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Microsoft Office\\Office12\\GROOVE.EXE"= "D:\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\BearFlix\\bearflix.exe"= "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Documents and Settings\\Zoran\\My Documents\\mirc\\CS27+\\mIRC.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21] R2 Apple mDNSResponder;Apple mDNSResponder;C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe [2004-09-30 11:08] R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] S2 BT848;CxVCap, WDM Video Capture;C:\WINDOWS\system32\drivers\cxvcap.sys [2002-10-04 12:40] S2 BTTUNER;MPEG.TV, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [] S2 BTXBAR;MPEG.TV, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [] S2 CXTUNER;CxTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\CXTUNER.sys [2002-10-04 12:40] S2 CXXBAR;CxXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\CXXBAR.sys [2002-10-04 12:41] S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [] S3 ids00118;ids00118;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2008-03-08 18:18:20 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-03-09 23:09:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . Completion time: 2008-03-09 23:12:50 ComboFix-quarantined-files.txt 2008-03-09 22:12:21 ComboFix2.txt 2008-03-09 20:29:20

Profil

dr_Bora Poslao: 10 Mar 2008 06:09 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako sada radi kompjuter? Primetiš li neke konkretne probleme?

Profil

BaDMaN19 Poslao: 12 Mar 2008 10:11 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da je mnogu podobar sega. Fala mnogu i pozdrav

Profil

dr_Bora Poslao: 12 Mar 2008 16:42 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Proverka Windows XP

Ko je trenutno na forumu

Ukupno su 1086 korisnika na forumu :: 118 registrovanih, 8 sakrivenih i 960 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Alexa77, Alexandar-1973, Aristotle2002, Asteker, bgs, Bojan198527, bokisha253, Bombarder, Boris BM, boro975, BORUTUS, Cirkon, cojapop, colji, crazydkure, cyprus, DalmatinacMF, darkangel, darkojbn, dearg, Dimitrise93, Dogma21, Dorcolac, dukajov, dule10savic, Dzoni Stek, Dzoni70, Feller, Fullback, gacesam, GandorCC, ginjica, goran.vvv, HogarStrashni, Igritelj, ikan, Jakonjveliki, jalos, JankoS, Jonbonjovi, Jose, Josef, Kalem, Konda, kontrasvijeta, krkalon, Krusarac, Kukuvaja, Leonov, Lieutenant, ljuba.b, LostInSpaceandTime, macak44, MaksicZoran, mercedesamg, Mercury, miki kv, mikidragi, mikrimaus, Miletić Zoran, MILO-VAN, Milos1389, mir, mist-mist, mkukoleca, mocnijogurt, moldway, mrav pesadinac, nebidrag, nebojsag, nelezele, niksa517, Nomica, novator, obsc, oldtimer, opt1, pablojepao, pceklic, pein, Peruta, pisac12, Polemarchoi, Pururin, raketaš, raykan, Razdroid, Ripanjac, rovac, Sančo, sekretar, Shinobi, shone34, Sr.Stat., stalja, stegonosa, TalicniTom, tamno.nebo, tecataki, tehnika, Tribal, uruk, vensla, voja64, Vojkan Petrovic, vrag81, Vzor50, x011, X3, XBMC, Yellow Pinky, ZetaMan, zokizemun, Zorge, Zrcalo, ZZZ, 787, 1453

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by