Logfile of HijackThis v1.99.1

  • Joined: 05 Jan 2008
  • Posts: 2

Logfile of HijackThis v1.99.1
Scan saved at 1:55:11, on 5.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\usnhost.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\n\Desktop\vesna\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [User Hosting Service] usnhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Addendum: 05 Jan 2008 2:31

It opens some folders on its own and won't delete them. How do I remove this virus?

Addendum: 05 Jan 2008 2:36

How do I clean the computer of this virus? It opens some folders and sends them to friends!?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Send me the following file: C:\WINDOWS\system32\usnhost.exe

via this link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses and save it to the desktop:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here for us.

  • Joined: 05 Jan 2008
  • Posts: 2

ComboFix 08-01-04.1 - n 2008-01-05 13:45:54.1 - NTFSx86
Running from: C:\F_R_I_E_N_D_S\neke SAM0!! moJe sliCicE!\vesna\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 13:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 22:23 . 2008-01-04 21:00 72,704 -r-hs---- C:\WINDOWS\system32\usnhost.exe
2008-01-04 19:50 . 2008-01-04 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 19:50 . 2008-01-04 19:51 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-30 12:59 . 2007-12-30 12:59 268 --ah----- C:\sqmdata05.sqm
2007-12-30 12:59 . 2007-12-30 12:59 244 --ah----- C:\sqmnoopt05.sqm
2007-12-30 12:28 . 2007-12-30 12:28 268 --ah----- C:\sqmdata04.sqm
2007-12-30 12:28 . 2007-12-30 12:28 244 --ah----- C:\sqmnoopt04.sqm
2007-12-29 22:15 . 2007-12-29 22:15 244 --ah----- C:\sqmnoopt03.sqm
2007-12-29 22:15 . 2007-12-29 22:15 232 --ah----- C:\sqmdata03.sqm
2007-12-29 17:28 . 2007-12-29 17:28 244 --ah----- C:\sqmnoopt02.sqm
2007-12-29 17:28 . 2007-12-29 17:28 232 --ah----- C:\sqmdata02.sqm
2007-12-29 16:57 . 2007-12-29 16:57 244 --ah----- C:\sqmnoopt01.sqm
2007-12-29 16:57 . 2007-12-29 16:57 232 --ah----- C:\sqmdata01.sqm
2007-12-29 12:29 . 2007-12-29 12:29 244 --ah----- C:\sqmnoopt00.sqm
2007-12-29 12:29 . 2007-12-29 12:29 232 --ah----- C:\sqmdata00.sqm
2007-12-15 21:31 . 2007-12-19 14:47 <DIR> d-------- C:\Program Files\LimeWire
2007-12-15 21:31 . 2008-01-03 15:09 <DIR> d-------- C:\Documents and Settings\n\Shared
2007-12-15 21:31 . 2008-01-03 15:09 <DIR> d-------- C:\Documents and Settings\n\Incomplete
2007-12-15 21:31 . 2008-01-04 23:01 <DIR> d-------- C:\Documents and Settings\n\Application Data\LimeWire
2007-12-15 03:03 . 2007-12-15 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 03:02 . 2006-01-13 02:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-15 00:35 . 2007-07-09 14:16 582,656 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2007-12-15 00:22 . 2006-12-07 05:14 2,330,624 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2007-12-15 00:17 . 2007-12-15 00:17 <DIR> d---s---- C:\Documents and Settings\n\UserData
2007-12-15 00:05 . 2008-01-05 01:50 <DIR> d-------- C:\Documents and Settings\n\Application Data\Yahoo!
2007-12-15 00:05 . 2007-12-15 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-14 23:14 . 2008-01-05 13:35 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVG7
2007-12-14 23:09 . 2007-12-14 23:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-14 23:09 . 2007-12-14 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-14 22:31 . 2007-12-14 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-14 22:25 . 2007-12-14 22:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-14 21:56 . 2007-12-14 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-14 21:14 . 2007-12-14 21:14 <DIR> d-------- C:\WINDOWS\Sun
2007-12-14 21:07 . 2007-12-14 21:07 <DIR> d-------- C:\Program Files\Java
2007-12-14 21:07 . 2007-09-24 22:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-14 21:03 . 2007-12-14 21:03 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-14 19:40 . 2007-12-14 19:40 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-12-14 19:40 . 2007-12-14 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-12-14 19:34 . 2007-12-16 02:43 <DIR> d-------- C:\Documents and Settings\n\Application Data\Winamp
2007-12-14 19:34 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-14 19:34 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-14 19:34 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 19:18 . 2007-12-29 22:10 <DIR> d-------- C:\Documents and Settings\n\Contacts
2007-12-14 19:08 . 2007-12-14 19:16 <DIR> d-------- C:\Program Files\Windows Live
2007-12-14 19:08 . 2007-12-14 19:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-14 19:08 . 2007-12-14 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-14 19:06 . 2007-07-30 18:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-14 19:05 . 2007-07-30 18:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-14 19:05 . 2007-07-30 18:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-14 19:05 . 2007-07-30 18:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-14 19:05 . 2007-07-30 18:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-14 17:53 . 2007-12-14 17:54 <DIR> d-------- C:\Documents and Settings\n\Application Data\SumatraPDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 18:41 --------- d-----w C:\Program Files\Winamp
2007-12-01 18:09 --------- d-----w C:\Documents and Settings\n\Application Data\Teleca
2007-12-01 18:08 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-01 18:08 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-01 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-01 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-01 18:06 94,064 ----a-w C:\WINDOWS\system32\drivers\k510mdm.sys
2007-12-01 18:06 85,408 ----a-w C:\WINDOWS\system32\drivers\k510mgmt.sys
2007-12-01 18:06 83,344 ----a-w C:\WINDOWS\system32\drivers\k510obex.sys
2007-12-01 18:06 8,336 ----a-w C:\WINDOWS\system32\drivers\k510mdfl.sys
2007-12-01 18:06 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cmnt.sys
2007-12-01 18:06 6,176 ----a-w C:\WINDOWS\system32\drivers\k510cm.sys
2007-12-01 18:06 58,288 ----a-w C:\WINDOWS\system32\drivers\k510bus.sys
2007-12-01 18:06 5,808 ----a-w C:\WINDOWS\system32\drivers\k510whnt.sys
2007-12-01 18:06 5,808 ----a-w C:\WINDOWS\system32\drivers\k510wh.sys
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\DllCache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2007-10-27 16:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:39 228,864 ------w C:\WINDOWS\system32\DllCache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-18 09:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 05:57 96,256 ------w C:\WINDOWS\system32\DllCache\inseng.dll
2007-10-11 05:57 666,112 ------w C:\WINDOWS\system32\DllCache\wininet.dll
2007-10-11 05:57 617,984 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
2007-10-11 05:57 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
2007-10-11 05:57 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
2007-10-11 05:57 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
2007-10-11 05:57 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
2007-10-11 05:57 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
2007-10-11 05:57 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
2007-10-11 05:57 205,824 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
2007-10-11 05:57 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
2007-10-11 05:57 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\DllCache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
2007-10-10 10:48 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-13 02:13 15360]
"Steam"="C:\Valve\Steam\Steam.exe" [2007-12-14 19:17 1266936]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 20:14 1867776]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"PCTVOICE"="pctspk.exe" [2004-08-11 05:42 176128 C:\WINDOWS\system32\pctspk.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [2003-03-29 08:53 90112]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-01-13 02:51 110592 C:\WINDOWS\system32\bthprops.cpl]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:50 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47 7311360]
"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47 86016]
"User Hosting Service"="usnhost.exe" [2008-01-04 21:00 72704 C:\WINDOWS\system32\usnhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 02:36 62054]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-01-13 02:13 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-15 17:30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2006-01-13 02:49 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 02:25 44544]

C:\Documents and Settings\n\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
PowerReg Scheduler.exe [2007-06-13 12:59:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-08-16 10:58:39]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
PV92Tray.exe

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2003-02-25 10:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-12-01 19:06]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-12-01 19:06]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-12-01 19:06]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-12-01 19:06]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-12-01 19:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9516922-0df9-11dc-83c4-95125059cc9e}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f16c65a0-9b55-11db-91eb-806d6172696f}]
\Shell\AutoRun\command - E:\ctrun\ctrun.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-05 13:48:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 13:50:56
.
2007-12-22 12:43:41 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

dr_Bora :: Send me the following file: C:\WINDOWS\system32\usnhost.exe

via this link: http://www.mycity.rs/ambulanta-upload.php

...
