Logfile> check

  • Joined: 16 Apr 2005
  • Posts: 2908

Logfile of HijackThis v1.99.1
Scan saved at 10:13:54 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jasmina\Desktop\New Folder\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E83BC1B2-F7C6-4418-BB2E-3A0B65A9542E}: NameServer = 194.106.162.10 194.106.162.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Since I'm not familiar with this subject, and KIS alerts me every half hour that some process is trying to insert itself into system 32, I ran a HijackThis scan. If something is not right, I hope you can tell me what the problem is.

KIS, by the way, reports this process as the invader:

C:/WINDOWS/system32/wuauclt.exe (PID:0 )

Thanks in advance.

P.S. During a routine check of the graphics card, a fatal error occurred and the computer reset. Why? The check was done with the program: DirectX Diagnostic Tool.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

The posted log is clean... Let's check one more thing.

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 16 Apr 2005
  • Posts: 2908



:S

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix is, of course, not malicious.

Allow the download and turn off the antivirus while using ComboFix (right-click the KAV icon in the system tray (next to the clock), Pause Protection, By User Request).

  • Joined: 16 Apr 2005
  • Posts: 2908

ComboFix 08-04-12.1 - Jasmina 2008-04-12 23:28:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.701 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmina\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 18:37 . 2008-04-11 18:37 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\BitTorrent
2008-04-11 18:36 . 2008-04-11 18:37 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\DNA
2008-04-11 10:44 . 2008-04-11 10:44 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Uniblue
2008-04-08 09:39 . 2008-04-08 19:30 <DIR> d-------- C:\Program Files\Metin2.us
2008-04-08 09:26 . 2008-04-08 19:30 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-08 09:26 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-08 09:26 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-06 15:42 . 2008-04-06 15:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-06 15:42 . 2008-04-06 15:42 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-06 06:57 . 2008-04-06 06:57 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Creative
2008-04-06 06:52 . 2008-04-06 06:52 <DIR> d-------- C:\Program Files\Creative
2008-04-06 06:52 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-06 06:52 . 1999-04-01 19:20 135,680 --a------ C:\WINDOWS\Webdelc.exe
2008-04-06 06:52 . 1999-10-11 03:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2008-04-06 06:51 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-06 06:51 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-04 22:12 . 2008-04-04 22:12 <DIR> d-------- C:\SIERRA
2008-04-04 21:57 . 2008-04-05 10:56 <DIR> d-------- C:\Program Files\Valve
2008-04-03 20:19 . 2008-04-05 17:37 <DIR> d-------- C:\Fraps
2008-04-03 20:19 . 2008-04-04 20:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 00:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 00:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-03 00:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 20:43 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-02 08:03 . 2008-04-02 08:03 <DIR> d-------- C:\Program Files\WinASO
2008-04-02 07:24 . 2008-04-02 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-02 06:57 . 2008-04-02 06:57 <DIR> d-------- C:\Program Files\ACD
2008-04-02 06:40 . 2008-04-02 06:43 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Windows Live Writer
2008-04-02 06:33 . 2008-04-02 07:51 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-02 06:33 . 2008-04-02 07:20 <DIR> d-------- C:\Documents and Settings\Jasmina\Contacts
2008-04-02 06:22 . 2008-04-02 07:51 <DIR> d-------- C:\Program Files\Windows Live
2008-04-02 06:22 . 2008-04-02 06:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 06:22 . 2008-04-02 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 06:16 . 2008-04-02 06:16 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Ahead
2008-04-02 06:16 . 2003-03-29 16:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-02 06:16 . 2003-07-29 17:09 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-04-02 06:15 . 2008-04-02 06:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-02 06:15 . 2008-04-02 06:15 <DIR> d-------- C:\Program Files\Ahead
2008-04-02 06:15 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-02 06:15 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-02 06:15 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-02 06:15 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-02 06:15 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-02 06:11 . 2008-04-02 06:13 <DIR> d-------- C:\Program Files\QuickTime
2008-04-02 06:11 . 2008-04-02 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-02 06:11 . 2008-04-06 06:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-02 06:11 . 2008-04-02 06:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 06:03 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 05:57 . 2008-04-02 05:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-02 05:57 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-02 05:57 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-02 05:57 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-02 05:55 . 2008-04-02 05:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-02 05:45 . 2008-04-02 05:45 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-02 05:31 . 2008-04-10 03:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-01 23:53 . 2008-04-01 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-01 23:52 . 2008-04-02 05:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-01 23:45 . 2008-04-01 23:45 169 --a------ C:\WINDOWS\adidsl.ini
2008-04-01 23:45 . 2008-04-01 23:45 21 --a------ C:\WINDOWS\Fast800.ini
2008-04-01 23:44 . 2008-04-01 23:44 <DIR> d-------- C:\Program Files\SAGEM
2008-04-01 23:42 . 2008-04-01 23:42 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-01 23:42 . 2008-04-01 23:42 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-01 23:42 . 2008-04-01 23:42 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-01 23:40 . 2008-04-01 23:40 <DIR> d-------- C:\Program Files\Realtek
2008-04-01 23:40 . 2005-04-16 16:20 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2008-04-01 23:40 . 2005-10-31 12:17 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-01 23:40 . 2005-07-15 10:48 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-01 23:39 . 2008-04-01 23:39 <DIR> d-------- C:\WINDOWS\NV39163912.TMP
2008-04-01 23:36 . 2006-04-04 11:44 16,120,832 -r------- C:\WINDOWS\RTHDCPL.exe
2008-04-01 23:36 . 2006-03-14 09:49 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2008-04-01 23:36 . 2006-04-06 08:20 4,258,816 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-04-01 23:36 . 2006-03-14 09:45 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2008-04-01 23:36 . 2006-03-10 13:32 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2008-04-01 23:36 . 2006-03-09 11:45 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2008-04-01 23:36 . 2005-09-21 04:25 299,008 -r------- C:\WINDOWS\system32\ALSndMgr.Cpl
2008-04-01 23:36 . 2006-01-10 07:58 266,240 -r------- C:\WINDOWS\system32\RTSndMgr.Cpl
2008-04-01 23:36 . 2006-02-20 11:00 86,016 -r------- C:\WINDOWS\SoundMan.exe
2008-04-01 23:36 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-04-01 23:34 . 2008-04-02 07:57 <DIR> d-------- C:\Program Files\ASUS
2008-04-01 23:33 . 2008-04-01 23:33 <DIR> d-------- C:\Program Files\ASUSTeK
2008-04-01 23:32 . 2008-04-01 23:41 <DIR> d-------- C:\WINDOWS\nview
2008-04-01 23:32 . 2008-04-04 21:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 23:32 . 2006-03-23 19:51 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-01 23:32 . 2005-02-24 01:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-01 23:30 . 2004-12-14 17:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-04-01 23:28 . 2008-04-02 05:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-01 23:27 . 2008-04-01 23:27 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-01 23:22 . 2008-04-01 23:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-01 23:21 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-04-01 23:20 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-01 23:20 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002241_.tmp
2008-04-01 23:18 . 2008-04-01 23:18 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 21:30 2,999,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 21:30 186,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 09:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 09:26 44,204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 09:26 19,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 22:10 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-01 22:10 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-01 22:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-01 22:01 --------- d-----w C:\Documents and Settings\Jasmina\Application Data\Talkback
2008-04-01 21:45 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-01 21:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 20:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 01:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 01:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 01:32 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-01 23:44:57 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-02 06:12 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\metin 2 najnoviji\\metin2.bin"=
"D:\\Fraps\\kav\\kis7.0\\english\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 04:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 23:31:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 23:31:46
ComboFix-quarantined-files.txt 2008-04-12 21:31:41
Pre-Run: 31,932,747,776 bytes free
Post-Run: 31,920,177,152 bytes free
.
2008-04-10 02:54:07 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 16 Apr 2005
  • Posts: 2908

Thanks :)
