log file - vista

  • Joined: 16 Aug 2007
  • Posts: 22

Legitimate Vista; the problems started after the update to Service Pack 1. Windows itself asked for the update, and I approved it.

Since then it takes about 10 minutes to boot (it sits on the "please wait" screen), after which it continues normally... Norton Antivirus found only some low-risk cookie, which I deleted.

This is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:36, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dj\Desktop\New Folder\tr3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [8F5.tmp] C:\Windows\temp\8F5.tmp
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93F4F16B-E8F1-45F6-8A60-9A8359986C6D}: NameServer = 85.255.112.10;85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D1F4C2-DEAF-45CD-B29A-A06B18910E2E}: NameServer = 85.255.112.10;85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9820405-E885-4B1D-8EE2-2BA8931F5AB0}: NameServer = 85.255.112.10;85.255.112.103
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdruk.exe

--
End of file - 10763 bytes
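An added example, not part of the thread and not code from HijackThis, ComboFix or the forum's helpers: a small Python triage script that applies the checks a malware-removal helper looks at first in HijackThis entries of the kinds seen in the log above: an O4 autorun launched from a temp directory, O17 NameServer entries pointing at resolvers the machine is not expected to use, an O23 service with no vendor information running from system32, and an orphaned O2 BHO whose DLL is gone. The sample lines are constructed by copying a few entries from the log above in HijackThis v2 format, with known-good entries beside them for contrast; the expected resolver set (192.168.1.1) is an assumed value that an analyst would replace with the router's or ISP's actual DNS servers.

```python
"""Heuristic triage of HijackThis v2 log entries (O2, O4, O17, O23)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import FrozenSet, List

# Constructed sample: a few entries in HijackThis v2 format, copied from the
# log posted above, with benign entries next to them for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [8F5.tmp] C:\Windows\temp\8F5.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O17 - HKLM\System\CCS\Services\Tcpip\..\{93F4F16B-E8F1-45F6-8A60-9A8359986C6D}: NameServer = 85.255.112.10;85.255.112.103
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdruk.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
RE_O4 = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
RE_O17 = re.compile(r"^O17 - .*NameServer = (.+)$")
RE_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Path fragments that mark a temp location (compared case-insensitively).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    rule: str     # short rule id
    entry: str    # the raw log line that triggered it
    detail: str   # human-readable reason


def _first_token(cmd: str) -> str:
    """Executable part of an O4 command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str, expected_dns: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Return findings for the entries a malware-removal helper checks first.

    expected_dns: resolvers the machine is supposed to use (router/ISP).
    Private addresses are accepted; any other resolver outside this set is flagged.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RE_O2.match(line)
        if m:
            if m.group(2) == "(no file)":
                findings.append(Finding("bho-orphan", line,
                                        "BHO is registered but its DLL is missing (orphaned entry)"))
            continue
        m = RE_O4.match(line)
        if m:
            cmd_l = m.group(2).lower()
            exe = _first_token(cmd_l)
            if exe.endswith(".tmp") or any(t in cmd_l for t in TEMP_MARKERS):
                findings.append(Finding("autorun-temp", line,
                                        f"autorun launches {cmd_l} from a temp location"))
            continue
        m = RE_O17.match(line)
        if m:
            for raw in re.split(r"[;,]", m.group(1)):
                raw = raw.strip()
                if not raw:
                    continue
                try:
                    ip = ip_address(raw)
                except ValueError:
                    findings.append(Finding("dns-unparsable", line, f"cannot parse {raw!r}"))
                    continue
                if not ip.is_private and raw not in expected_dns:
                    findings.append(Finding("dns-unexpected", line,
                                            f"NameServer {raw} is not an expected resolver"))
            continue
        m = RE_O23.match(line)
        if m:
            name, owner, path = m.group(1), m.group(2), m.group(3).lower()
            if owner == "Unknown owner" and "\\system32\\" in path:
                findings.append(Finding("service-unknown-owner", line,
                                        f"service '{name}' has no vendor info but runs {path}"))
    return findings


if __name__ == "__main__":
    # Assumed expected resolver; replace with the router's or ISP's real servers.
    for f in triage(SAMPLE_LOG, frozenset({"192.168.1.1"})):
        print(f"[{f.rule}] {f.detail}")
```

Running it prints one line per finding. The rules only select what to look at; they are not a verdict, so each flagged path still needs its own check (vendor signature, file hash, creation time) before anything is removed, which is exactly why the helper in this thread asks for the quarantine folder and the suspicious DLL rather than acting on the log alone.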

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Temporarily disable all protective software and then follow these instructions.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 16 Aug 2007
  • Posts: 22

Here is the log:

ComboFix 08-12-07.01 - Dj 2008-12-08 20:57:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.381.1033.18.1790 [GMT 1:00]
Running from: c:\users\Dj\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\hpgt2436.dll
c:\windows\system32\hpxp2436.dll
c:\windows\system32\KBL.LOG
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-07 14:29 . 2008-12-07 14:29 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-12-07 14:29 . 2008-12-07 14:29 <DIR> d-------- c:\program files\DIFX
2008-12-07 14:28 . 2008-12-07 14:31 <DIR> d-------- C:\UniScan
2008-12-07 14:28 . 2007-01-17 01:19 438,272 --a------ c:\windows\System32\hp2436co.dll
2008-12-06 16:13 . 2008-12-06 16:13 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-06 14:44 . 2008-12-06 14:44 <DIR> d-------- C:\PerfLogs
2008-12-03 18:42 . 2008-12-03 18:42 <DIR> d-------- c:\users\Dj\AppData\Roaming\AVS4YOU
2008-12-03 18:42 . 2008-12-03 18:42 <DIR> d-------- c:\users\All Users\AVS4YOU
2008-12-03 18:42 . 2008-12-03 18:42 <DIR> d-------- c:\programdata\AVS4YOU
2008-12-03 18:42 . 2008-12-03 18:42 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-12-03 18:42 . 2008-12-03 18:42 <DIR> d-------- c:\program files\AVS4YOU
2008-12-03 18:42 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
2008-12-03 18:42 . 2007-02-27 18:36 974,848 --a------ c:\windows\System32\mfc70.dll
2008-12-03 18:42 . 2007-02-27 18:36 487,424 --a------ c:\windows\System32\msvcp70.dll
2008-12-03 18:42 . 2007-02-27 18:36 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-12-03 18:42 . 2007-02-27 18:36 24,576 --a------ c:\windows\System32\msxml3a.dll
2008-12-01 19:54 . 2008-12-03 21:03 <DIR> d-------- c:\users\All Users\FLEXnet
2008-12-01 19:54 . 2008-12-03 21:03 <DIR> d-------- c:\programdata\FLEXnet
2008-12-01 19:48 . 2008-12-01 19:48 <DIR> d-------- c:\program files\Adobe Media Player
2008-12-01 19:45 . 2008-12-01 19:45 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-01 19:41 . 2008-12-01 19:41 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-01 19:38 . 2008-12-01 19:38 29,184 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-26 19:57 . 2008-11-26 21:40 <DIR> d-------- c:\users\Dj\AppData\Roaming\Winamp
2008-11-26 19:57 . 2008-11-26 19:58 <DIR> d-------- c:\program files\Winamp
2008-11-26 19:57 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-26 09:36 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 09:36 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 09:36 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 09:36 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 09:36 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 09:36 . 2008-01-19 08:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 09:36 . 2008-01-19 08:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-21 17:45 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-21 17:45 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-21 17:45 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-21 17:45 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-21 17:45 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-21 17:45 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-21 17:45 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-21 17:45 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-21 17:45 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 17:46 . 2008-11-16 17:46 <DIR> d-------- c:\users\Dj\AppData\Roaming\Soldat
2008-11-16 17:46 . 2008-11-16 17:46 <DIR> d-------- C:\Soldat
2008-11-16 13:45 . 2008-11-16 13:45 <DIR> d-------- c:\users\Dj\AppData\Roaming\HP
2008-11-16 13:45 . 2008-11-21 17:23 <DIR> d-------- c:\users\Dj\AppData\Roaming\CyberLink
2008-11-16 13:45 . 2008-11-16 13:45 <DIR> d-------- c:\users\All Users\HP
2008-11-16 13:45 . 2008-11-16 13:45 <DIR> d-------- c:\programdata\HP
2008-11-12 10:48 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 10:46 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 10:45 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 19:55 --------- d-----w c:\users\Dj\AppData\Roaming\Skype
2008-12-08 18:30 --------- d-----w c:\programdata\Symantec
2008-12-08 17:12 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-08 17:00 --------- d-----w c:\users\Dj\AppData\Roaming\skypePM
2008-12-08 16:09 --------- d-----w c:\users\Dj\AppData\Roaming\LimeWire
2008-12-07 17:09 --------- d-----w c:\users\Dj\AppData\Roaming\Azureus
2008-12-07 15:47 27,050 ----a-w c:\users\Dj\AppData\Roaming\nvModes.dat
2008-12-06 13:56 174 --sha-w c:\program files\desktop.ini
2008-12-06 13:46 --------- d-----w c:\program files\Windows Sidebar
2008-12-06 13:46 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-06 13:46 --------- d-----w c:\program files\Windows Mail
2008-12-06 13:46 --------- d-----w c:\program files\Windows Journal
2008-12-06 13:46 --------- d-----w c:\program files\Windows Defender
2008-12-06 13:46 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 13:46 --------- d-----w c:\program files\Windows Calendar
2008-12-06 13:40 --------- d-----w c:\programdata\NVIDIA
2008-12-06 13:27 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 13:27 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-01 18:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 18:49 --------- d-----w c:\program files\DivX
2008-11-12 18:46 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-09 15:33 270 ----a-w c:\users\Dj\AppData\Roaming\wklnhst.dat
2008-11-06 10:45 --------- d-----w c:\users\Dj\AppData\Roaming\Template
2008-11-01 17:35 --------- d-----w c:\program files\LimeWire
2008-10-26 09:14 --------- d-----w c:\programdata\KONAMI
2008-10-26 08:54 --------- d-----w c:\program files\KONAMI
2008-10-25 12:53 48 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-25 12:53 48 ---ha-w c:\programdata\ezsidmv.dat
2008-10-25 10:16 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-25 10:14 --------- d-----w c:\program files\Microsoft.NET
2008-10-24 15:11 --------- d-----w c:\programdata\Azureus
2008-10-24 15:10 --------- d-----w c:\program files\Vuze
2008-10-24 11:53 --------- d-----w c:\programdata\CyberLink
2008-10-20 15:56 269,312 ----a-w c:\windows\System32\es.dll
2008-10-19 20:35 --------- d-----w c:\users\Dj\AppData\Roaming\Media Player Classic
2008-10-19 20:34 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-19 13:29 --------- d-----w c:\users\Dj\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-19 09:05 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-19 09:05 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-19 09:05 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-19 09:05 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-19 09:04 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-19 09:04 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-19 09:04 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-19 09:04 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-10-19 09:04 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-19 09:04 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-19 09:04 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-19 09:04 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-10-19 08:56 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-19 08:55 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-19 08:54 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-10-19 08:50 29,184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2008-10-19 08:50 220,160 ----a-w c:\windows\system32\drivers\bthport.sys
2008-10-19 08:50 19,456 ----a-w c:\windows\system32\drivers\bthenum.sys
2008-10-19 08:50 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-10-19 08:48 988,216 ----a-w c:\windows\System32\winload.exe
2008-10-19 08:48 927,288 ----a-w c:\windows\System32\winresume.exe
2008-10-19 08:48 615,992 ----a-w c:\windows\System32\ci.dll
2008-10-19 08:48 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-10-19 08:48 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-10-19 08:48 40,960 ----a-w c:\windows\System32\srclient.dll
2008-10-19 08:48 378,368 ----a-w c:\windows\System32\srcore.dll
2008-10-19 08:48 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-10-19 08:48 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-10-19 08:48 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-10-19 08:46 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-19 08:45 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-10-19 08:45 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-10-19 08:45 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2008-10-19 08:41 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-10-19 08:41 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-10-19 08:41 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-10-19 08:40 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-10-19 08:40 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-10-19 08:35 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-18 19:33 --------- d-----w c:\programdata\Skype
2008-10-18 19:33 --------- d-----w c:\program files\Skype
2008-10-18 19:33 --------- d-----w c:\program files\Common Files\Skype
2008-10-16 18:40 --------- d-----w c:\program files\MSXML 4.0
2008-10-15 19:20 --------- d-----w c:\users\Dj\AppData\Roaming\DivX
2008-10-15 19:20 --------- d-----w c:\programdata\Yahoo! Companion
2008-10-15 19:19 --------- d-----w c:\users\Dj\AppData\Roaming\Yahoo!
2008-10-15 19:19 --------- d-----w c:\program files\Yahoo!
2008-10-15 15:30 --------- d-----w c:\program files\Java
2008-10-11 09:24 --------- d-----w c:\users\Dj\AppData\Roaming\Symantec
2008-10-11 09:23 --------- d-----w c:\users\Dj\AppData\Roaming\DigitalPersona
2008-10-11 09:21 --------- d-----w c:\users\Dj\AppData\Roaming\Hewlett-Packard
2008-10-11 09:20 --------- d-----w c:\program files\Microsoft Works
2008-10-11 09:16 --------- d-----w c:\program files\MSN Messenger
2008-10-11 09:15 --------- d-----w c:\program files\HP
2008-10-11 09:14 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF811543V_E459053-DH3_4A_I30CB_SQuanta_V79.29_F.51_T080226_WV3-0_L409_M3070_J250_7Intel_86FB_92.20_#071127_N10EC8168;80864229_(KL018EA#UUW)_XMOBILE_CN10_Z.MRK
2008-10-11 09:14 --------- d-----w c:\users\Dj\AppData\Roaming\Macrovision
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 51048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [9/5/2007 9:09:54 PM 727592]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 12:23:32 PM 51776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55F5EADE-378B-4F78-BA0A-E484B5B8B7BA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{30BD20B5-9A18-4007-9475-0C090EBD1CA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C784D43B-5F94-427C-BA37-5E59E18B3436}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BD35F1F8-28F7-4473-8EFE-18DFA4F9EA2F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{14C96575-8C21-4C18-A376-E5F4957B9DBF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E749EE25-2313-4ABA-B1CF-1C56B114C4AE}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{02E66595-0692-4D2E-B334-E9C54B230E73}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{EC7D77D6-A52F-4032-9517-582B6FF9EEFB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C7F5D75B-F3EB-4215-A24D-3C6A3AF62B27}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D0393AD8-9712-4C10-BA38-F56D54FB78A2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B6DE732B-5BD3-4939-9B97-D8C2CA102791}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{7D917953-A040-44B9-A37E-B05CD4CFE702}c:\\soldat\\soldat.exe"= UDP:c:\soldat\soldat.exe:Soldat
"UDP Query User{85ACB49A-63C6-4209-A483-9A5C40A1844F}c:\\soldat\\soldat.exe"= TCP:c:\soldat\soldat.exe:Soldat
"TCP Query User{C3F0513A-BDD4-4D33-B499-6A3207D8CE0B}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{25DAF192-D5BC-4F9F-ACED-81A83B9BBFA8}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{73917913-9BD9-44C8-B226-3A36C606C122}"= UDP:5353:Adobe CSI CS4
"{6924DB79-858B-45CE-9D71-6484F902ACC8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CCA6EF38-9384-4A50-A2A8-0FDDD882AE66}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.001\IDSvix86.sys [12/8/2008 6:14:58 PM 270384]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [3/23/2008 9:59:47 AM 39408]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [8/25/2007 5:07:00 AM 149864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/8/2008 6:37:32 PM 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [8/13/2007 8:50:00 PM 41008]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [5/29/2007 8:55:00 PM 23888]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [12/1/2008 7:38:39 PM 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Dj.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{197EB1D9-5A26-4BEB-8840-78D4663676F5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FireFox -: Profile - c:\users\Dj\AppData\Roaming\Mozilla\Firefox\Profiles\bihe4hb4.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-08 21:07:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000038C327AFA270242B7E 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2428-)
c:\program files\Common Files\Symantec Shared\auCOLPwd.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2008-12-08 21:12:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 20:11:47

Pre-Run: 179,354,476,544 bytes free
Post-Run: 180,826,517,504 bytes free

330 --- E O F --- 2008-12-06 13:29:38

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Pack the complete folder C:\qoobox\quarantine into a zip (or rar)

and upload it via this link: http://www.mycity.rs/ambulanta-upload.php

Do the same with this file: c:\windows\System32\hp2436co.dll

After that, post a fresh HijackThis logfile.

offline
  • Joined: 16 Aug 2007
  • Posts: 22

I uploaded those 2 files.

Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:28, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dj\Desktop\New Folder\tr3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9653 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the zip from the link below and unpack it into the C:\Windows\System32 folder:

https://www.mycity.rs/must-login.png

These are two files that ComboFix deleted by mistake.

How are things now?

offline
  • Joined: 16 Aug 2007
  • Posts: 22

Now everything works normally, except that on every Windows startup/shutdown a screen appears with the text "installing updates", and on shutdown "configuring updates".

It's as if the service pack installation still hasn't finished.

Besides that, Norton Antivirus has shown several times that it killed some worms (Packed Generic 200 and Trojan Dropper) and the virus W32 Silly FDC.

I copied the 2 files from the link into the system32 folder.

What next?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do this:
Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

Regarding the update installation... It's best to ask about that in the Windows forum.

offline
  • Joined: 16 Aug 2007
  • Posts: 22

Thanks for the help!

Just one more question: earlier I added a line to c/windows/system32/hosts. After ComboFix's intervention that got messed up, so I have to do it again.

Is that safe?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, it's safe (assuming you know what you're doing, of course).
