Svastara

offline
  • Joined: 09 Mar 2008
  • Posts: 42

Logfile of HijackThis v1.99.1
Scan saved at 10.57.08, on 03/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\RegClean\RegClean.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Programmi\Opera 9\Opera.exe
C:\Documents and Settings\HP_Administrator\Desktop\th3\anti sipijunski.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\ExPLabs.com\LinkScanner\LinkScannerIE.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7EBD0DF4-1263-4ED3-96CB-4CDC66C58318} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {89AF1DCA-6355-4465-94B0-E3D49FD2896B} - C:\WINDOWS\system32\efcawts.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ymfevzil.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: {d151a4a0-cc90-7f5a-e7d4-2c80d21f331e} - {e133f12d-08c2-4d7e-a5f7-09cc0a4a151d} - C:\WINDOWS\system32\cidqmmrf.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [agent] C:\Programmi\LogiGuard\Master Mechanic II\agent.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [RegClean] "C:\Programmi\RegClean\RegClean.exe" -boot
O4 - HKLM\..\Run: [rfagent] "C:\Programmi\RFA\rfagent.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\explabs.com\linkscanner\wrnetdrv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - it.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....6915200562
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....6915111640
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6AA5C9A-6B5D-4E9E-9340-2A1A0883C118}: NameServer = 62.13.171.4 62.13.171.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: efcawts - efcawts.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: ymfevzil - ymfevzil.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

Hello. I followed the advice. I had a pile of viruses, which I removed using Kaspersky. For quite a long time Kaspersky kept finding the already described VIRTUMONDE.GEN; now it is gone, or it no longer finds it. But I still have problems: I can't open Internet Explorer, nor Mozilla, so now I'm using Opera. When I try to open some program it often pops up a window with a warning that data may be lost, but the program I opened works if I don't click to send the error report. I know I have a pile of unnecessary programs; how do I remove them, and which program is best for tidying up Windows?
Thanks

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
Hello...

To begin with, temporarily disable all protection software (KIS, Prevx, Spyware Terminator) so that it does not interfere with the scanning / cleaning process.

Then download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 09 Mar 2008
  • Posts: 42

ComboFix 08-03-14.4 - HP_Administrator 2008-03-15 17.10.18.2 - NTFSx86
Run by: C:\Documents and Settings\HP_Administrator\Desktop\th3\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\ResErrors.log

.
((((((((((((((((((((((((( Files Created From 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))))))
.

2008-03-15 16:54 . 2008-03-15 16:54 4,561,816 --a------ C:\sump3_5_2435_209 kuplljenn.exe
2008-03-15 16:25 . 2008-03-15 16:25 34 --a------ C:\WINDOWS\pxsetup.rf
2008-03-15 16:24 . 2008-03-15 16:24 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-15 12:13 . 2008-03-15 12:13 <DIR> d-------- C:\Programmi\WinPcap
2008-03-15 11:37 . 2008-03-15 11:54 <DIR> d-------- C:\VundoFix Backups
2008-03-14 23:54 . 2008-03-14 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-03-09 14:10 . 2008-03-15 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\RFA_Backups
2008-03-09 14:01 . 2008-03-09 14:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\RegClean
2008-03-09 08:31 . 2008-03-09 08:32 <DIR> d-------- C:\Sanjarica
2008-03-09 08:11 . 2008-03-15 17:00 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-03-09 08:11 . 2008-03-09 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-09 08:11 . 2008-03-15 17:12 6,888,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 08:11 . 2008-03-15 13:14 92,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-09 08:11 . 2008-03-15 17:12 35,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-09 08:11 . 2008-03-15 13:14 3,476 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-04 18:34 . 2008-03-04 18:57 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\Prevx
2008-03-02 17:28 . 2008-03-02 17:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\Snapfish
2008-03-02 13:57 . 2008-03-02 13:57 <DIR> d-------- C:\Programmi\VoipStunt.com
2008-03-02 13:57 . 2008-03-02 13:57 <DIR> d-------- C:\Programmi\ACD Systems
2008-03-02 13:57 . 2008-03-02 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\Vinci al SuperEnalotto 2
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\Veoh Networks
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\NEXT 3D ARREDAMENTO D'INTERNI
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\Mario Forever
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\Le Guide di Finson Patente Europea per il Computer 2
2008-03-02 13:55 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\Hair Pro 2006 Light
2008-02-21 17:00 . 2008-02-21 17:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\syslibero
2008-02-20 22:03 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\SysLibero
2008-02-20 21:29 . 2008-02-20 21:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Dati applicazioni\ProtezionefiData
2008-02-20 21:28 . 2008-03-02 13:55 <DIR> d-------- C:\Programmi\ProtezionefiData
2008-02-16 20:39 . 2008-02-16 20:39 <DIR> d-------- C:\Programmi\Navman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 16:00 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-03-15 15:57 --------- d-----w C:\Programmi\Uniblue
2008-03-15 12:33 --------- d-----w C:\Programmi\Spyware Terminator
2008-03-15 11:11 --------- d-----w C:\Programmi\iViVo
2008-03-15 11:09 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-15 10:54 --------- d-----w C:\Programmi\PowerISO
2008-03-15 10:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Dati applicazioni\CallingID
2008-03-14 22:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Dati applicazioni\Skype
2008-03-14 19:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-03-13 12:09 --------- d-----w C:\Programmi\Zortam Mp3 Media Studio
2008-03-13 12:09 --------- d-----w C:\Programmi\Microsoft ActiveSync
2008-03-09 07:08 --------- d-----w C:\Programmi\ESET
2008-03-07 18:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CanonIJPLM
2008-03-02 12:57 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-03-02 12:55 --------- d-----w C:\Programmi\TorrenTopia
2008-03-01 19:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2008-02-27 15:35 --------- d-----w C:\Documents and Settings\HP_Administrator\Dati applicazioni\Uniblue
2008-02-03 11:51 --------- d-----w C:\Programmi\PrestoNotes
2008-02-03 10:45 --------- d-----w C:\Programmi\Ashampoo
2008-01-27 07:59 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-01-21 20:00 140 ------w C:\Documents and Settings\HP_Administrator\Dati applicazioni\wklnhst.dat
2008-01-19 23:03 --------- d-----w C:\Programmi\HP
2008-01-19 17:06 --------- d-----w C:\Programmi\LogiGuard
2007-06-03 20:31 540,000 ----a-w C:\Programmi\System Cleaner 5.50.zip
2007-05-30 19:13 4,660,390 ----a-w C:\Programmi\DV_Install_Demo_v21.exe
2007-05-30 19:05 947,526 ----a-w C:\Programmi\waver.zip
2007-05-30 19:03 186,767 ----a-w C:\Programmi\audc80konvertor.exe
2007-05-30 18:39 4,408,592 ----a-w C:\Programmi\vfvh571i fax.exe
2007-05-20 08:56 814,016 ----a-w C:\Programmi\Google_Updater.exe
2007-05-19 08:06 6,337,564 ----a-w C:\Programmi\WebUpdaterForLegacyOperatingSystems_240.exe
2007-05-19 07:57 4,310,568 ----a-w C:\Programmi\WebUpdater_241 za navigator.exe
2007-05-06 17:17 17,938,288 ----a-w C:\Programmi\Install_Messenger.exe
2007-05-06 15:33 10,064,213 ----a-w C:\Programmi\POILoader_232.exe
2007-05-06 10:46 669,184 ----a-w C:\Programmi\Nokia_Connectivity_Cable_Driver_6_80_5_1_ita.msi
2007-05-06 10:45 658,432 ----a-w C:\Programmi\nokia_connectivity_cable_driver_rel_6_81_1_spa.msi
2007-05-06 10:07 2,372,760 ----a-w C:\Programmi\winzip90.exe
2007-05-06 10:05 13,185,024 ----a-w C:\Programmi\Nokia_DKU-5_1_24.exe
2007-05-06 08:45 273,229,544 ----a-w C:\Programmi\WindowsXP-KB835935-SP2-ITA.exe
2007-05-06 08:20 445,208 ----a-w C:\Programmi\windowsxp-kb838989-X86-ITA.exe
2007-05-06 08:08 5,034,240 ----a-w C:\Programmi\DriverDetective.exe
2007-05-06 08:04 829,577 ----a-w C:\Programmi\modem_it.chm
2007-05-05 22:32 994,304 ----a-w C:\Programmi\Setup.msi
2007-05-05 22:01 21,485,136 ----a-w C:\Programmi\Nokia_PC_Suite_683_rel_14_1_ita_web.exe
2007-05-05 21:29 23,785,680 ----a-w C:\Programmi\NokiaSoftwareUpdaterSetup_it.exe
2007-05-05 15:40 840,192 ----a-w C:\Programmi\Nokia_Connectivity_Cable_Driver_rel_6_83_9_0_eng.msi
2007-05-05 15:39 6,685 ----a-w C:\Programmi\Nokia6103_MS_BT.inf
2007-05-05 15:39 6,494 ----a-w C:\Programmi\Nokia6103BT.inf
2007-04-30 11:31 4,212,210 ----a-w C:\Programmi\Demo_SSTworld.exe
2007-04-30 11:27 4,064,518 ----a-w C:\Programmi\bettinggenius30.exe
2007-04-29 00:11 1,087,682 ----a-w C:\Programmi\subtitleworkshop251.zip
2007-04-24 16:09 10,451,656 ----a-w C:\Programmi\XLVIEWER.EXE
2007-04-24 16:05 28,508,368 ----a-w C:\Programmi\FileFormatConverters.exe
2007-04-24 16:01 1,321 ----a-w C:\Programmi\katalog18apr07.CSV
2007-04-24 15:51 4,792,136 ----a-w C:\Programmi\CX.EXE
2007-04-24 15:48 735,232 ----a-w C:\Programmi\katalog18Apr07.xls
2007-04-24 15:46 12,337,352 ----a-w C:\Programmi\WDVIEWER.EXE
2007-04-19 20:34 122,880 ----a-w C:\Programmi\Download_wma-mp3-converter.exe
2007-04-18 08:37 1,014,730 ----a-w C:\Programmi\PowerISO37.exe
2007-03-28 22:14 6,597,960 ----a-w C:\Programmi\audioconverter_wmf_setup.exe
2007-03-28 22:08 4,708,303 ----a-w C:\Programmi\mms1001.exe
2007-03-28 21:33 404,890 ----a-w C:\Programmi\switch.zip
2007-03-25 09:56 122,880 ----a-w C:\Programmi\Download_AliveWMAMP3Recorder.exe
2007-03-25 06:50 3,326,142 ----a-w C:\Programmi\DupKillerSetup081.zip
2007-03-20 22:19 4,107,201 ----a-w C:\Programmi\burn4free_setup.exe
2007-03-20 21:48 1,219,544 ----a-w C:\Programmi\mp3cddoctorlite.exe
2007-03-18 22:48 1,988,744 ----a-w C:\Programmi\trojanb6758.exe
2007-03-18 22:42 414,580 ----a-w C:\Programmi\Megamp3Split_2.0b.zip
2007-03-18 11:58 59,392 ----a-w C:\Programmi\Italian_Serie_A_06-07.mdb
2007-03-18 10:13 2,863,832 ----a-w C:\Programmi\DeepBurner1.exe
2007-03-18 08:37 15,342,568 ----a-w C:\Programmi\20070317-017-i32.exe
2007-03-18 08:31 13,445,912 ----a-w C:\Programmi\XPBP_ESD_IT.exe
2007-03-17 22:42 3,109,256 ----a-w C:\Programmi\LinkScannerProSetup_2_5_2_0052_9.exe
2007-03-16 18:05 402,208 ----a-w C:\Programmi\rainbow(zabranjeno)-1.2-win.zip
2007-03-16 15:22 652,560 ----a-w C:\Programmi\pdf2text.exe
2007-03-16 13:44 1,622,912 ----a-w C:\Programmi\CuteWriter.exe
2007-03-16 12:57 697,042 ----a-w C:\Programmi\Scan2PDF.zip
2007-03-16 10:12 934,479 ----a-w C:\Programmi\TE20Setup.exe
2007-03-13 15:34 71,737,595 ----a-w C:\Programmi\200301010000aib.zip
2007-03-13 15:17 3,519,074 ----a-w C:\Programmi\teach800.exe
2007-03-13 15:12 23,510,720 ----a-w C:\Programmi\dotnetfx.exe
2007-03-13 14:14 14,730,232 ----a-w C:\Programmi\DivXPlay.exe
2007-03-11 21:30 1,834,548 ----a-w C:\Programmi\tbrush35 slikanje.exe
2007-03-11 21:21 34,959,384 ----a-w C:\Programmi\5.05.18.00_ntune_winxp_international.exe
2007-03-11 21:19 9,590,117 ----a-w C:\Programmi\kmp.exe
2007-03-11 21:14 4,237,337 ----a-w C:\Programmi\RLSetup_Final.exe
2007-03-11 21:10 34,282,256 ----a-w C:\Programmi\AVSTVBox.exe
2007-03-11 20:58 24,836,360 ----a-w C:\Programmi\acdsee.exe
2007-03-11 20:52 3,424,620 ----a-w C:\Programmi\MP4 Video Player.zip
2007-03-11 14:29 2,649,601 ----a-w C:\Programmi\winsonar_free_70103.zip
2007-03-11 13:17 988,039 ----a-w C:\Programmi\starsetup.exe
2007-03-11 10:50 6,932,421 ----a-w C:\Programmi\Alcohol52.zip
2007-03-11 10:45 2,579,338 ----a-w C:\Programmi\MyPhoneExplorer_Setup_1.5.9.exe
2007-03-11 10:40 1,118,786 ----a-w C:\Programmi\installer_Ringtone_CD_Ripper.exe
2007-03-11 10:38 1,665,325 ----a-w C:\Programmi\agsetup sa cd-ea.exe
2007-03-11 10:31 12,128,824 ----a-w C:\Programmi\SimpleDivX.zip
2007-03-11 01:21 6,806,391 ----a-w C:\Programmi\bsplayer215[1].943_clip.exe
2007-03-11 01:11 945,368 ----a-w C:\Programmi\videoinspector.zip
2007-03-11 01:05 727,888 ----a-w C:\Programmi\DivFix++_v0.28-Win32.zip
2007-03-11 00:58 3,468,424 ----a-w C:\Programmi\ffdshow-rev1016_20070310.zip
2007-03-11 00:55 7,680,064 ----a-w C:\Programmi\DivX521XP2K.exe
2007-03-11 00:56 56 --sh--r C:\WINDOWS\system32\590BA312D1.sys
2007-03-11 00:56 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w            61,440 2008-03-09 13:45:27  C:\hp\KBD\KBD .EXE
----a-w         1,603,152 2008-03-09 13:45:33  C:\Programmi\Canon\MyPrinter\BJMyPrt .exe
----a-w           644,696 2008-03-09 13:45:31  C:\Programmi\Canon\SolutionMenu\CNSLMAIN .exe
----a-w           155,648 2008-01-19 17:03:55  C:\Programmi\File comuni\Ahead\Lib\NeroCheck .exe
----a-w           210,472 2008-03-09 13:45:33  C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w           176,128 2008-03-09 13:46:08  C:\Programmi\LogiGuard\Master Mechanic II\agent .exe
----a-w            79,400 2008-01-19 17:04:13  C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4 .exe
----a-w         2,870,784 2008-03-09 07:14:10  C:\Programmi\Spyware Terminator\SpywareTerminatorShield .exe
----a-w            64,512 2008-03-06 17:11:32  C:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2008-01-27 07:59:23  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-03-15_13.21.30.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-05 10:45:42 14,856 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxcom.sys
+ 2007-09-05 10:47:28 107,784 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\PxEmu.sys
+ 2007-09-05 10:46:28 302,344 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxfsf.sys
+ 2007-09-05 10:45:42 23,048 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\PxRD.sys
+ 2007-09-05 10:47:16 28,040 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxtdi.sys
+ 2007-09-05 10:47:18 11,264 ----a-w C:\WINDOWS\LastGood\system32\pxinst.dll
+ 2007-09-05 10:47:18 13,824 ----a-w C:\WINDOWS\LastGood\system32\pxscinst.dll
+ 2008-03-15 15:07:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EBD0DF4-1263-4ED3-96CB-4CDC66C58318}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e133f12d-08c2-4d7e-a5f7-09cc0a4a151d}]
C:\WINDOWS\system32\cidqmmrf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Procs]
@={51D8EAB2-A055-487F-BBE0-DFB79DD0E76D}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"Uniblue SpeedUpMyPC"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"CanonSolutionMenu"="C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-09 14:42 644696]
"CanonMyPrinter"="C:\Programmi\Canon\MyPrinter\BJMyPrt.exe" [2008-03-09 18:45 1603152]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2008-03-09 18:44 210472]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"agent"="C:\Programmi\LogiGuard\Master Mechanic II\agent.exe" [ ]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-09 18:46 2870784]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"kis"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09 139367]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcawts]
efcawts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Fax"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
"VoipStunt"="C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegEasy.exe"=C:\Programmi\Registry Easy\RegEasy.exe
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
"ISUSPM Startup"=C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Programmi\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"C:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programmi\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca93cf4-7368-11dc-82fa-001731e138a9}]
\Shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cc3187-cece-11db-821f-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cc318d-cece-11db-821f-806d6172696f}]
\Shell\AutoRun\command - J:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 21:19:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmi\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-15 08:50:28 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmi\RegClean\RegClean.ex
- C:\Programmi\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 17:12:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Scan finish time: 2008-03-15 17.13.36
ComboFix-quarantined-files.txt 2008-03-15 16:13:33
ComboFix2.txt 2008-03-15 12:22:10
.
2007-10-07 01:25:16 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Zamolio bih te da pratiš uputstva - zašto si ComboFix pokrenuo dva puta?

To tebi ništa ne pomaže, a meni otežava uvid u situaciju na tvome kompjuteru.



-------------------------------------------------------------------------------------



Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\HP_Administrator\Dati applicazioni\wklnhst.dat

RenV::
----a-w            61,440 2008-03-09 13:45:27  C:\hp\KBD\KBD .EXE
----a-w         1,603,152 2008-03-09 13:45:33  C:\Programmi\Canon\MyPrinter\BJMyPrt .exe
----a-w           644,696 2008-03-09 13:45:31  C:\Programmi\Canon\SolutionMenu\CNSLMAIN .exe
----a-w           155,648 2008-01-19 17:03:55  C:\Programmi\File comuni\Ahead\Lib\NeroCheck .exe
----a-w           210,472 2008-03-09 13:45:33  C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w           176,128 2008-03-09 13:46:08  C:\Programmi\LogiGuard\Master Mechanic II\agent .exe
----a-w            79,400 2008-01-19 17:04:13  C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4 .exe
----a-w         2,870,784 2008-03-09 07:14:10  C:\Programmi\Spyware Terminator\SpywareTerminatorShield .exe
----a-w            64,512 2008-03-06 17:11:32  C:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2008-01-27 07:59:23  C:\WINDOWS\system32\ctfmon .exe

FileLook::
C:\Programmi\RegClean\RegClean.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EBD0DF4-1263-4ED3-96CB-4CDC66C58318}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e133f12d-08c2-4d7e-a5f7-09cc0a4a151d}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcawts]




Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.
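
As an added illustration, not code from this thread, from ComboFix or from its author: the script below applies the three checks that the log above and the helper's CFScript turn on (MountPoints2 AutoRun commands on removable drives, file names with a space before the extension that the RenV:: section repairs, and Browser Helper Object CLSIDs registered with no module or with a module under system32) to a constructed excerpt of the posted log, and drafts the RenV:: and Registry:: sections in the same layout as the script above. The drive-root and system32 rules, the severity labels and the benign notepad.exe control line are my own assumptions, not ComboFix's logic.

```python
"""Triage a ComboFix-style log excerpt for three indicators seen in this thread.

Added example (not code from the thread, from ComboFix or from its author).
Each rule is a heuristic of my own, an assumption rather than ComboFix logic:
  1. MountPoints2 AutoRun commands: a command that runs an executable sitting in
     a drive root (J:\AutoRun.exe) is the autorun.inf trick used to spread via
     removable media; any other command is reported for manual review.
  2. Directory-listing entries whose name has a space before the extension
     ("KBD .EXE"): the pattern the RenV:: section targets, where the original
     program was renamed and something else now sits at the real name.
  3. Browser Helper Objects registered with no module listed, or with a module
     under \WINDOWS\system32 (legitimate BHOs normally live under Program Files).
"""
import re

# Constructed sample: lines lifted from the log posted above, plus one benign
# control line (notepad.exe, size invented) that must NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cc3187-cece-11db-821f-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

----a-w            61,440 2008-03-09 13:45:27  C:\hp\KBD\KBD .EXE
----a-w            15,360 2008-01-27 07:59:23  C:\WINDOWS\system32\ctfmon .exe
----a-w            69,120 2008-01-27 07:59:23  C:\WINDOWS\system32\notepad.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EBD0DF4-1263-4ED3-96CB-4CDC66C58318}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e133f12d-08c2-4d7e-a5f7-09cc0a4a151d}]
C:\WINDOWS\system32\cidqmmrf.dll
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)
ROOT_EXE = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|com|scr|bat|cmd)$", re.I)
DIR_ENTRY = re.compile(
    r"^(?P<attr>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<path>.+)$")
SPACED_EXT = re.compile(r" \.(exe|dll|com|scr)$", re.I)
BHO_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[^}]+\})\]$", re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)


def triage(log_text):
    """Return a list of finding dicts; each has 'kind' and 'severity'."""
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        m = MOUNTPOINT_KEY.match(line.strip())
        if m:
            c = AUTORUN_CMD.match(nxt)  # the command sits on the following line
            if c:
                cmd = c.group("cmd")
                findings.append({
                    "kind": "autorun",
                    "severity": "high" if ROOT_EXE.match(cmd) else "review",
                    "volume": m.group("vol"), "command": cmd})
            continue
        m = DIR_ENTRY.match(line)
        if m:
            if SPACED_EXT.search(m.group("path")):
                findings.append({"kind": "renamed_exe", "severity": "high",
                                 "path": m.group("path"), "line": line})
            continue
        m = BHO_KEY.match(line.strip())
        if m:
            module = nxt if nxt and not nxt.startswith("[") else None
            if module is None:
                sev, why = "review", "CLSID registered but no module listed"
            elif SYSTEM32.search(module):
                sev, why = "high", "BHO module lives in system32"
            else:
                continue  # module under Program Files etc.: not flagged here
            findings.append({"kind": "bho", "severity": sev, "why": why,
                             "clsid": m.group("clsid"), "module": module})
    return findings


def draft_cfscript(findings):
    """Turn the findings into the RenV:: / Registry:: sections of a CFScript, in
    the layout the helper uses above. A draft only: a human still has to confirm
    every entry before feeding it to ComboFix."""
    renv = [f["line"] for f in findings if f["kind"] == "renamed_exe"]
    bhos = [f["clsid"] for f in findings
            if f["kind"] == "bho" and f["severity"] == "high"]
    out = []
    if renv:
        out += ["RenV::"] + renv + [""]
    if bhos:
        out += ["Registry::"]
        out += [r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]" % c for c in bhos]
        out += [""]
    return "\n".join(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"].upper(), f["kind"], f)
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

The C: MountPoints2 entry (RunDLL32 ... Info.exe) is deliberately only marked for review: it is the shape of an OEM recovery-partition autorun rather than an executable dropped at a drive root, and the script should not write removal lines for anything it cannot classify with confidence.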

  • Joined: 09 Mar 2008
  • Posts: 42

Hello doctor!
Last night everything on my computer froze, so I had to switch it off at the main switch. After that I couldn't find that file, and it's also not clear to me which program Notepad is in. Don't get upset, I don't really have any experience with these things, i.e. this is the first time I'm doing things like this. I wore myself out looking for that file, and you told me not to run ComboFix again, so what should I do now?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Log location: C:\ComboFix.txt

  • Joined: 09 Mar 2008
  • Posts: 42

Sorry, what should I do now, scan again with ComboFix or look for that file?

Update: 16 Mar 2008 10:45

I found it, though it isn't quite identical to the one you sent me, only the first line is missing; should I copy that one?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

So, the file we need is C:\ComboFix.txt.

If it exists, copy it here.

If it doesn't exist, then just double-click ComboFix to run it and post the new log you get at the end of the process.

  • Joined: 09 Mar 2008
  • Posts: 42

----a-w            61,440 2008-03-09 13:45:27  C:\hp\KBD\KBD .EXE
----a-w         1,603,152 2008-03-09 13:45:33  C:\Programmi\Canon\MyPrinter\BJMyPrt .exe
----a-w           644,696 2008-03-09 13:45:31  C:\Programmi\Canon\SolutionMenu\CNSLMAIN .exe
----a-w           155,648 2008-01-19 17:03:55  C:\Programmi\File comuni\Ahead\Lib\NeroCheck .exe
----a-w           210,472 2008-03-09 13:45:33  C:\Programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w           176,128 2008-03-09 13:46:08  C:\Programmi\LogiGuard\Master Mechanic II\agent .exe
----a-w            79,400 2008-01-19 17:04:13  C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4 .exe
----a-w         2,870,784 2008-03-09 07:14:10  C:\Programmi\Spyware Terminator\SpywareTerminatorShield .exe
----a-w            64,512 2008-03-06 17:11:32  C:\WINDOWS\ehome\ehtray .exe
----a-w            15,360 2008-01-27 07:59:23  C:\WINDOWS\system32\ctfmon .exe



((((((((((((((((((((((((((((( snapshot@2008-03-15_13.21.30.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-05 10:45:42 14,856 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxcom.sys
+ 2007-09-05 10:47:28 107,784 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\PxEmu.sys
+ 2007-09-05 10:46:28 302,344 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxfsf.sys
+ 2007-09-05 10:45:42 23,048 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\PxRD.sys
+ 2007-09-05 10:47:16 28,040 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\pxtdi.sys
+ 2007-09-05 10:47:18 11,264 ----a-w C:\WINDOWS\LastGood\system32\pxinst.dll
+ 2007-09-05 10:47:18 13,824 ----a-w C:\WINDOWS\LastGood\system32\pxscinst.dll
+ 2008-03-15 15:07:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33161E98-0A6C-4d3c-BD62-3A7D56137F52}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EBD0DF4-1263-4ED3-96CB-4CDC66C58318}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e133f12d-08c2-4d7e-a5f7-09cc0a4a151d}]
C:\WINDOWS\system32\cidqmmrf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Procs]
@={51D8EAB2-A055-487F-BBE0-DFB79DD0E76D}


I found that one; can I copy it as you told me, or should I let ComboFix run again?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run it again (what's above is part of the old log).
