Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:5


  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

I installed the new ESET Smart Security 4 and scanned, and the same thing shows up again?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Zelezni :: I installed the new ESET Smart Security 4 and scanned, and the same thing shows up again?

Which same thing?

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

ComboFix 09-04-04.01 - Pedja 2009-04-10 17:02:46.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1315 [GMT 2:00]
Running from: c:\documents and settings\Pedja\Desktop\ComboFix.exe
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 15:43 . 2009-04-10 15:43 <DIR> d-------- c:\windows\LastGood
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\program files\iTunes
2009-04-08 18:08 . 2009-04-08 18:08 <DIR> d-------- c:\program files\iPod
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 18:06 . 2009-04-08 18:06 <DIR> d-------- c:\program files\QuickTime
2009-04-08 17:51 . 2009-04-08 17:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 17:13 . 2009-04-08 17:13 <DIR> d---s---- c:\documents and settings\Pedja\UserData
2009-03-20 22:28 . 2009-03-20 22:28 1,964 --a------ c:\windows\ST5UNST.003
2009-03-19 11:45 . 2009-03-19 11:45 131,976 --a------ c:\windows\system32\drivers\epfw.sys
2009-03-19 11:45 . 2009-03-19 11:45 55,768 --a------ c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 . 2009-03-19 11:45 33,096 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:44 . 2009-03-19 11:44 107,256 --a------ c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 . 2009-03-19 11:41 113,960 --a------ c:\windows\system32\drivers\eamon.sys
2009-03-19 01:44 . 2009-03-19 01:44 1,964 --a------ c:\windows\ST5UNST.002
2009-03-18 22:37 . 2009-03-18 22:37 1,964 --a------ c:\windows\ST5UNST.001
2009-03-17 15:50 . 2009-03-17 15:50 1,964 --a------ c:\windows\ST5UNST.000
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Engleski
2009-03-16 23:06 . 1997-01-16 00:00 195,856 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-16 23:06 . 1997-01-16 00:00 192,272 --a------ c:\windows\system32\MCI32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:42 --------- d-----w c:\program files\ESET
2009-04-08 16:08 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 22:35 --------- d-----w c:\program files\myBabylon_English
2009-03-29 20:35 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-16 16:35 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-12 21:09 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-12 21:09 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-11 18:22 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_ 0.32.59,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 15:51:28 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-08 16:09:26 102,400 ----a-r c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-04-10 13:43:56 10,134 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\callmsi.exe
+ 2009-04-10 13:43:56 97,360 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\egui.exe
+ 2009-03-19 09:45:34 33,096 ----a-w c:\windows\LastGood\system32\DRIVERS\epfwndis.sys
- 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 14:32:48 23,400 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-03-26 13:23:46 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-26 13:23:46 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:03:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:04:48
ComboFix-quarantined-files.txt 2009-04-10 15:04:46
ComboFix2.txt 2009-04-10 14:23:49
ComboFix3.txt 2009-04-09 19:47:59
ComboFix4.txt 2009-04-08 21:22:08
ComboFix5.txt 2009-04-10 15:02:34

Pre-Run: 25.986.342.912 bytes free
Post-Run: 25,974,857,728 bytes free

208 --- E O F --- 2009-03-15 04:21:27

Update: 10 Apr 2009 17:22

ComboFix 09-04-04.01 - Pedja 2009-04-10 17:17:34.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1259 [GMT 2:00]
Running from: c:\documents and settings\Pedja\Desktop\ComboFix.exe
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 15:43 . 2009-04-10 15:43 <DIR> d-------- c:\windows\LastGood
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\program files\iTunes
2009-04-08 18:08 . 2009-04-08 18:08 <DIR> d-------- c:\program files\iPod
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 18:06 . 2009-04-08 18:06 <DIR> d-------- c:\program files\QuickTime
2009-04-08 17:51 . 2009-04-08 17:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 17:13 . 2009-04-08 17:13 <DIR> d---s---- c:\documents and settings\Pedja\UserData
2009-03-20 22:28 . 2009-03-20 22:28 1,964 --a------ c:\windows\ST5UNST.003
2009-03-19 11:45 . 2009-03-19 11:45 131,976 --a------ c:\windows\system32\drivers\epfw.sys
2009-03-19 11:45 . 2009-03-19 11:45 55,768 --a------ c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 . 2009-03-19 11:45 33,096 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:44 . 2009-03-19 11:44 107,256 --a------ c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 . 2009-03-19 11:41 113,960 --a------ c:\windows\system32\drivers\eamon.sys
2009-03-19 01:44 . 2009-03-19 01:44 1,964 --a------ c:\windows\ST5UNST.002
2009-03-18 22:37 . 2009-03-18 22:37 1,964 --a------ c:\windows\ST5UNST.001
2009-03-17 15:50 . 2009-03-17 15:50 1,964 --a------ c:\windows\ST5UNST.000
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Engleski
2009-03-16 23:06 . 1997-01-16 00:00 195,856 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-16 23:06 . 1997-01-16 00:00 192,272 --a------ c:\windows\system32\MCI32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:42 --------- d-----w c:\program files\ESET
2009-04-08 16:08 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 22:35 --------- d-----w c:\program files\myBabylon_English
2009-03-29 20:35 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-16 16:35 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-12 21:09 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-12 21:09 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-11 18:22 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_ 0.32.59,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 15:51:28 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-08 16:09:26 102,400 ----a-r c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-04-10 13:43:56 10,134 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\callmsi.exe
+ 2009-04-10 13:43:56 97,360 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\egui.exe
+ 2009-03-19 09:45:34 33,096 ----a-w c:\windows\LastGood\system32\DRIVERS\epfwndis.sys
- 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 14:32:48 23,400 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-03-26 13:23:46 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-26 13:23:46 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Pedja\LOCALS~1\Temp\Perflib_Perfdata_fdc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:21:17
ComboFix-quarantined-files.txt 2009-04-10 15:21:14
ComboFix2.txt 2009-04-10 15:04:49
ComboFix3.txt 2009-04-10 14:23:49
ComboFix4.txt 2009-04-09 19:47:59
ComboFix5.txt 2009-04-10 15:17:20

Pre-Run: 25.984.237.568 bytes free
Post-Run: 25,972,465,664 bytes free

208 --- E O F --- 2009-03-15 04:21:27

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Click Start - Run, then type combofix /u and click OK.

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

ComboFix 09-04-04.01 - Pedja 2009-04-10 17:17:34.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1259 [GMT 2:00]
Running from: c:\documents and settings\Pedja\Desktop\ComboFix.exe
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 15:43 . 2009-04-10 15:43 <DIR> d-------- c:\windows\LastGood
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\program files\iTunes
2009-04-08 18:08 . 2009-04-08 18:08 <DIR> d-------- c:\program files\iPod
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 18:06 . 2009-04-08 18:06 <DIR> d-------- c:\program files\QuickTime
2009-04-08 17:51 . 2009-04-08 17:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 17:13 . 2009-04-08 17:13 <DIR> d---s---- c:\documents and settings\Pedja\UserData
2009-03-20 22:28 . 2009-03-20 22:28 1,964 --a------ c:\windows\ST5UNST.003
2009-03-19 11:45 . 2009-03-19 11:45 131,976 --a------ c:\windows\system32\drivers\epfw.sys
2009-03-19 11:45 . 2009-03-19 11:45 55,768 --a------ c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 . 2009-03-19 11:45 33,096 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:44 . 2009-03-19 11:44 107,256 --a------ c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 . 2009-03-19 11:41 113,960 --a------ c:\windows\system32\drivers\eamon.sys
2009-03-19 01:44 . 2009-03-19 01:44 1,964 --a------ c:\windows\ST5UNST.002
2009-03-18 22:37 . 2009-03-18 22:37 1,964 --a------ c:\windows\ST5UNST.001
2009-03-17 15:50 . 2009-03-17 15:50 1,964 --a------ c:\windows\ST5UNST.000
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Engleski
2009-03-16 23:06 . 1997-01-16 00:00 195,856 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-16 23:06 . 1997-01-16 00:00 192,272 --a------ c:\windows\system32\MCI32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:42 --------- d-----w c:\program files\ESET
2009-04-08 16:08 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 22:35 --------- d-----w c:\program files\myBabylon_English
2009-03-29 20:35 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-16 16:35 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-12 21:09 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-12 21:09 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-11 18:22 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_ 0.32.59,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 15:51:28 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-08 16:09:26 102,400 ----a-r c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-04-10 13:43:56 10,134 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\callmsi.exe
+ 2009-04-10 13:43:56 97,360 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\egui.exe
+ 2009-03-19 09:45:34 33,096 ----a-w c:\windows\LastGood\system32\DRIVERS\epfwndis.sys
- 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 14:32:48 23,400 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-03-26 13:23:46 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-26 13:23:46 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Pedja\LOCALS~1\Temp\Perflib_Perfdata_fdc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:21:17
ComboFix-quarantined-files.txt 2009-04-10 15:21:14
ComboFix2.txt 2009-04-10 15:04:49
ComboFix3.txt 2009-04-10 14:23:49
ComboFix4.txt 2009-04-09 19:47:59
ComboFix5.txt 2009-04-10 15:17:20

Pre-Run: 25.984.237.568 bytes free
Post-Run: 25,972,465,664 bytes free

208 --- E O F --- 2009-03-15 04:21:27

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Does that log appear when you run that command, or does a scan start and then the log appears?

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

I sent you this after: "Click Start - Run - then type combofix /u and press OK."

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Strange, I'll ask around.

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

After that command you sent me, the computer was scanned with ComboFix, and I sent you the scan result at 19:34.

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master učitelj
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

Someone just pointed it out to me, and I hadn't noticed it either...

You typed a space before the u as well.

Type exactly what I write here:

combofix /u
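The line "Command switches used :: / u" in the posted log is what gives the typo away: ComboFix recorded the switch as two tokens instead of one. As an added example, not part of this thread and not ComboFix's own code, the script below reads a ComboFix-style log, checks the recorded switches, and pulls out the registry blocks a helper would glance at first (the BHO entry, the Run key, the Security Center and firewall-policy values, the IE start page). The sample log is constructed from lines copied out of the log above; the parsing rules are assumptions based on how those lines look, and the findings are review prompts, not verdicts.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted
# in this thread, trimmed to the parts the triage below looks at.
SAMPLE_LOG = r"""ComboFix 09-04-04.01 - Pedja 2009-04-10 17:02:46.8 - NTFSx86
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://search.babylon.com/home
"""

SWITCH_RE = re.compile(r"^Command switches used :: (.*)$", re.M)
# "name"="quoted value" [date size]   or   "name"=bare_value (...)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s(]+))')
DLL_RE = re.compile(r"([a-z]:\\.*\.dll)\s*$", re.I)
START_PAGE_RE = re.compile(r"^uStart Page = (\S+)", re.M)


def parse_switches(log):
    """Tokens ComboFix recorded as command switches. A space before the
    letter makes '/u' arrive as two tokens, '/' and 'u': the typo in the thread."""
    m = SWITCH_RE.search(log)
    return m.group(1).split() if m else []


def switches_look_valid(switches):
    """Every token must be a slash followed by letters, e.g. '/u'."""
    return all(re.fullmatch(r"/[A-Za-z]+", s) for s in switches)


def parse_sections(log):
    """Map each [registry key] block to {value name: value}; lines inside a
    block that are not name=value (the dll line under a BHO key) go to '_lines'."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.rstrip()
        if not line:
            current = None          # a blank line ends the current block
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                val = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
                sections[current][m.group("name")] = val
            else:
                sections[current].setdefault("_lines", []).append(line)
    return sections


def dword(value):
    """'dword:00000001' -> 1; anything that is not a dword -> None."""
    return int(value.split(":", 1)[1], 16) if value.startswith("dword:") else None


def triage(log):
    """Findings worth a second look. Review prompts only: Windows Firewall
    being off is expected when a third-party firewall (ESET here) is active."""
    findings = []
    sw = parse_switches(log)
    if sw and not switches_look_valid(sw):
        findings.append(f"switch typo: ComboFix parsed {sw}, expected one token such as '/u'")
    for key, vals in parse_sections(log).items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile") and vals.get("EnableFirewall") == "0":
            findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
        if k.endswith("security center") and dword(vals.get("UpdatesDisableNotify", "")) == 1:
            findings.append("Security Center update alerts suppressed (UpdatesDisableNotify=1)")
        if "browser helper objects" in k:
            clsid = key[key.rfind("{"):]
            dlls = [DLL_RE.search(l).group(1) for l in vals.get("_lines", []) if DLL_RE.search(l)]
            findings.append(f"BHO {clsid} loads {dlls[0] if dlls else 'unknown dll'}")
        if k.endswith("\\run"):
            for name, path in vals.items():
                if name != "_lines":
                    findings.append(f"autostart {name!r}: {path}")
    m = START_PAGE_RE.search(log)
    if m:
        findings.append(f"IE start page: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; the first finding on the log above is the split switch, which is the same thing helen1 spotted by eye.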
