Internet Explorer starting in processes

offline
  • Joined: 23 Feb 2008
  • Posts: 610

Internet Explorer keeps opening by itself in my processes and I can't close it. This wouldn't be a problem if the installation of one application didn't require IE to be closed...

Logfile of HijackThis v1.99.1
Scan saved at 18:38:31, on 1.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator Nihad\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhgrad.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?912e84b722cf40c9ab73042d3a35f0c4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?912e84b722cf40c9ab73042d3a35f0c4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB6D1FD-7BEC-45CF-BC06-4B08E73AF256}: NameServer = 91.191.38.7 91.191.38.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Run HijackThis, scan, and check the following lines:

O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe

Click Fix checked.


Download Deljob.
Double-click deljob.exe to run it.
The logfile logit.txt will open in Notepad (the file will be in the same folder as deljob.exe).
Copy the contents of that log into the forum thread.


Restart the computer and post a fresh HijackThis log.
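Added example, not part of the thread and not a tool either poster used: a small triage script for HijackThis 1.99.1 lines that flags the two patterns the helper singled out above, an O2 BHO registered with no DLL on disk and O4 Run-key autostarts whose executable lives under a user-writable profile directory instead of Program Files or the Windows directory. The sample lines are copied from the log posted in this thread; the directory markers and the "(no file)" check are assumptions about the log format.

```python
"""Triage of HijackThis 1.99.1 log lines (added example).

Flags:
  * O2 BHO entries whose DLL is reported as "(no file)" (orphaned CLSID)
  * O4 Run-key autostarts whose executable sits under a user-writable
    profile directory (Application Data, Local Settings, Temp), given
    either as a long path or as an 8.3 short name (APPLIC~1 etc.)
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice',
    r"O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe",
    r"O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|com|scr|pif|bat|cmd))", re.IGNORECASE)

# Assumed markers (long and 8.3 short form) for directories any user can write to.
USER_WRITABLE_MARKERS = (
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\", "\\locals~1\\",
    "\\temp\\",
)


def executable_path(cmd: str) -> Optional[str]:
    """Extract the program path from a Run-key command line.

    A quoted path ends at the closing quote; an unquoted path (which may
    contain spaces) is taken up to the first executable extension.
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = EXE_RE.match(cmd)
    return m.group("path") if m else None


def is_user_writable(path: str) -> bool:
    """True when the path contains a marker of a user-writable profile directory."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious O2/O4 line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("path").strip() == "(no file)":
                findings.append({"line": line,
                                 "reason": "orphaned BHO: CLSID registered but DLL missing"})
            continue
        run = RUN_RE.match(line)
        if run:
            path = executable_path(run.group("cmd"))
            if path is None:
                findings.append({"line": line,
                                 "reason": "autorun without a recognisable executable path"})
            elif is_user_writable(path):
                findings.append({"line": line,
                                 "reason": f"{run.group('hive')} autorun from user-writable location: {path}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['reason']}\n    {f['line']}")
```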

offline
  • Joined: 23 Feb 2008
  • Posts: 610

Here are the contents of logit.txt:

--------------------------------------------------------
Backups created in C:\deljob

B8B56ECB906B18AB.job
--------------------------------------------------------
Files in Windows Tasks folder

1-Click Maintenance.job
Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is C41D-BDB4

Directory of C:\Documents and Settings\Administrator Nihad\Application Data

01.08.2008 13:28 <DIR> .
01.08.2008 13:28 <DIR> ..
07.07.2008 17:14 <DIR> Adobe
14.07.2008 19:23 <DIR> Ahead
14.07.2008 14:24 <DIR> Axialis
20.07.2008 00:01 <DIR> BSPLAY~1 BSplayer Pro
24.07.2008 16:14 <DIR> CoSoSys
02.07.2008 22:15 <DIR> ESET
11.07.2008 20:39 <DIR> FlashFXP
01.08.2008 13:32 <DIR> FUJIFILM
18.07.2008 14:36 <DIR> Garmin
18.07.2008 18:53 <DIR> Google
01.08.2008 16:21 <DIR> Hamachi
03.07.2008 21:33 <DIR> Help
02.07.2008 21:43 <DIR> IDENTI~1 Identities
20.07.2008 19:40 <DIR> LimeWire
02.07.2008 22:39 <DIR> MACROM~1 Macromedia
24.07.2008 00:13 <DIR> MICROS~1 Microsoft
02.07.2008 22:29 <DIR> Mozilla
07.07.2008 17:11 <DIR> NOTEPA~1 Notepad++
23.07.2008 22:04 <DIR> OPTION~1 Option Bags
15.07.2008 21:37 <DIR> Real
03.07.2008 22:13 <DIR> SmartFTP
04.07.2008 14:25 <DIR> Sun
25.07.2008 01:11 <DIR> TEAMSP~1 teamspeak2
03.07.2008 14:22 <DIR> TEAMVI~1 TeamViewer
02.07.2008 22:50 <DIR> TUNEUP~1 TuneUp Software
12.07.2008 11:52 <DIR> WEBPAG~1 Web Page Maker
02.07.2008 22:22 <DIR> WinRAR
0 File(s) 0 bytes
29 Dir(s) 8.059.990.016 bytes free
Volume in drive C has no label.
Volume Serial Number is C41D-BDB4

Directory of C:\Documents and Settings\All Users\Application Data

21.07.2008 18:35 <DIR> .
21.07.2008 18:35 <DIR> ..
15.07.2008 22:31 <DIR> Adobe
03.07.2008 12:03 <DIR> ADOBES~1 Adobe Systems
02.07.2008 22:13 <DIR> ESET
25.07.2008 23:35 <DIR> GOOGLE~1 Google Updater
23.07.2008 22:03 <DIR> JUMPPO~1 Jump Poll Poke Mp3
02.07.2008 23:44 <DIR> MESSEN~1 Messenger Plus!
01.08.2008 13:33 <DIR> MICROS~1 Microsoft
17.07.2008 23:57 <DIR> MICROS~2 Microsoft Help
21.07.2008 01:24 <DIR> SPYBOT~1 Spybot - Search & Destroy
02.07.2008 22:49 <DIR> TUNEUP~1 TuneUp Software
02.07.2008 22:54 <DIR> WINDOW~1 Windows Genuine Advantage
03.07.2008 00:59 <DIR> WINDOW~2 Windows Live Toolbar
03.07.2008 00:31 <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
15 Dir(s) 8.059.990.016 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator Nihad
All Users
--------------------------------------------------------

Update: 01 Aug 2008 19:09

After the restart, here is the fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:06:52, on 1.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator Nihad\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhgrad.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?912e84b722cf40c9ab73042d3a35f0c4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?912e84b722cf40c9ab73042d3a35f0c4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB6D1FD-7BEC-45CF-BC06-4B08E73AF256}: NameServer = 91.191.38.7 91.191.38.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 23 Feb 2008
  • Posts: 610

ComboFix 08-07-31.06 - Administrator Nihad 2008-08-01 19:16:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.96 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator Nihad\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 19:00 . 2008-08-01 19:00 <DIR> d-------- C:\deljob
2008-08-01 16:21 . 2008-08-01 16:21 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-01 16:19 . 2008-08-01 16:19 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 16:19 . 2008-08-01 16:19 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0813.sys
2008-08-01 13:33 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-01 13:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-01 13:28 . 2008-08-01 13:29 <DIR> d-------- C:\Program Files\FinePixViewerS
2008-08-01 13:28 . 2008-08-01 13:32 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FUJIFILM
2008-07-25 01:11 . 2008-07-25 01:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\teamspeak2
2008-07-25 01:11 . 2008-07-25 01:11 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-25 01:10 . 2008-07-25 14:34 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-24 17:17 . 2008-08-01 19:19 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Hamachi
2008-07-24 17:16 . 2008-07-24 17:17 <DIR> d-------- C:\Program Files\Hamachi
2008-07-24 17:16 . 2008-07-24 17:16 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-24 16:14 . 2008-07-24 16:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\CoSoSys
2008-07-24 15:22 . 2008-07-24 15:22 94 --a------ C:\WINDOWS\JFNetworkWt.INI
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Stardock
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-23 22:03 . 2008-07-23 22:03 <DIR> d-------- C:\Program Files\Option Bags
2008-07-23 21:50 . 2008-07-24 14:30 <DIR> d-------- C:\Program Files\SHOUTcast
2008-07-21 18:35 . 2008-07-21 18:36 <DIR> d-------- C:\Program Files\Google
2008-07-21 18:35 . 2008-08-01 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 23:37 . 2008-07-21 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 19:49 . 2008-07-20 19:49 25,586 --a------ C:\aem8.dat
2008-07-18 14:35 . 2008-07-18 14:35 <DIR> d-------- C:\Garmin
2008-07-18 14:35 . 2008-07-18 14:36 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Garmin
2008-07-17 23:46 . 2008-07-17 23:46 <DIR> d-------- C:\Program Files\Nokia
2008-07-17 00:12 . 2008-07-18 15:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-16 01:03 . 2008-07-25 18:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-14 17:49 . 2008-07-14 19:23 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Ahead
2008-07-14 17:46 . 2008-07-14 17:46 <DIR> d-------- C:\Program Files\Nero
2008-07-14 17:46 . 2008-07-14 17:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Axialis
2008-07-14 13:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-14 13:45 . 2008-07-14 13:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-14 13:42 . 2008-07-14 13:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-14 13:41 . 2008-07-14 13:41 <DIR> dr-h----- C:\MSOCache
2008-07-14 13:41 . 2008-07-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 20:39 . 2008-07-11 20:39 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FlashFXP
2008-07-11 14:22 . 2008-07-11 15:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\amsn
2008-07-09 17:54 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Web Page Maker
2008-07-09 14:34 . 2008-07-09 14:34 106,272 --a------ C:\WINDOWS\system32\snmpoids.dll
2008-07-08 23:23 . 2008-07-09 23:03 <DIR> d-------- C:\Poker
2008-07-08 00:35 . 2008-07-08 00:35 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-07-08 00:06 . 2008-07-25 00:08 921,624 --a------ C:\img1-001.raw
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\WINDOWS\Album
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\VideoCAM Eye
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\Common Files\VCAMEye
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 19:22 . 2008-07-07 19:22 23 --a------ C:\WINDOWS\ANS2000.INI
2008-07-07 19:22 . 2008-07-07 19:22 20 --ah----- C:\WINDOWS\akebook.ini
2008-07-07 19:22 . 2008-07-07 19:22 4 --ah----- C:\WINDOWS\a3kebook.ini
2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Notepad++
2008-07-04 14:25 . 2008-07-04 14:25 <DIR> d-------- C:\WINDOWS\Sun
2008-07-03 22:04 . 2008-07-03 22:04 <DIR> d-------- C:\Program Files\SmartFTP
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\UC.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-03 20:57 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\SmartFTP
2008-07-03 20:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 20:52 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 20:52 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 12:03 . 2008-07-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-03 11:54 . 2008-07-03 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-03 11:43 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-03 11:27 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:27 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-03 00:58 . 2008-07-03 11:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-03 00:58 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-07-03 00:50 . 2008-08-01 19:05 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Tracing
2008-07-03 00:23 . 2008-07-03 00:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 00:23 . 2008-07-03 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 00:19 . 2008-07-09 13:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-03 00:17 . 2008-07-23 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
2008-07-03 00:16 . 2008-07-23 22:04 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
2008-07-03 00:15 . 2008-07-03 00:15 <DIR> d-------- C:\Program Files\Circle Developement
2008-07-03 00:11 . 2008-07-03 00:11 <DIR> d-------- C:\Program Files\Sun
2008-07-03 00:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-02 22:59 . 2008-07-15 21:31 <DIR> d-------- C:\Program Files\Java
2008-07-02 22:59 . 2008-07-02 22:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-02 22:58 . 2008-07-03 14:22 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TeamViewer
2008-07-02 22:57 . 2008-07-02 22:58 <DIR> d-------- C:\Program Files\Hrvatsko - Engleski Rječnik
2008-07-02 22:56 . 2008-07-02 22:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-02 22:54 . 2008-07-02 22:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 22:54 . 2008-07-02 22:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-02 22:54 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-02 22:50 . 2008-07-02 22:50 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TuneUp Software
2008-07-02 22:50 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-02 22:47 . 2008-08-01 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-02 22:37 . 2008-07-20 19:30 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\dwhelper
2008-07-02 22:29 . 2008-07-02 22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:19 . 2008-07-02 21:56 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-07-02 22:19 . 2008-07-02 22:19 172 --a------ C:\UnInstall.dat
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\ESET
2008-07-02 22:13 . 2008-07-02 22:15 <DIR> d-------- C:\Program Files\ESET
2008-07-02 22:13 . 2008-07-02 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-02 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 22:02 . 2008-07-02 22:02 <DIR> d-------- C:\Program Files\directx
2008-07-02 22:00 . 2008-07-02 22:00 <DIR> d-------- C:\Program Files\My Company Name

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Winamp
2008-07-20 17:40 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\LimeWire
2008-07-19 22:01 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\BSplayer Pro
2008-07-15 19:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 22:20 --------- d-----w C:\Program Files\Windows Live
2008-07-07 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-07-02 22:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-02 22:04 --------- d-----w C:\Program Files\MessengerDiscovery
2008-07-02 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-02 21:23 --------- d-----w C:\Program Files\Adverts
2008-07-02 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 19:59 --------- d-----w C:\Program Files\ATI Technologies
2008-07-02 19:54 --------- d-----w C:\Program Files\ASUS
2008-07-02 19:52 --------- d-----w C:\Program Files\Intel
2008-07-02 19:52 --------- d-----w C:\Program Files\Analog Devices
2008-07-02 19:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"Window Team"="C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe" [2008-07-23 22:03 727040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49 35328]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator Nihad\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-24 17:16:37 624416]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-24 00:06:04 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-08-01 13:28:57 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator Nihad\\Desktop\\KDX_Client\\KDXClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 Apache2.2;Apache2.2;D:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 EnumChip;EnumChip;F:\Gart\EnumChip.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator Nihad\Application Data\Mozilla\Firefox\Profiles\s94g6958.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ba
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 19:18:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 19:19:58
ComboFix-quarantined-files.txt 2008-08-01 17:19:55

Pre-Run: 7,986,364,416 bytes free
Post-Run: 8,023,093,248 bytes free

233 --- E O F --- 2008-07-17 21:57:45

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files:

C:\WINDOWS\system32\snmpoids.dll
C:\WINDOWS\system32\grwinsthlp.exe


Upload link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:

Folder::
C:\Program Files\Option Bags
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
C:\Program Files\Circle Developement
C:\Program Files\MessengerDiscovery
C:\Program Files\Adverts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Team"=-




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
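The CFScript above removes the "Window Team" Run value and the folders it points into. As an added example (not part of the thread, and not ComboFix's own code), the following Python script shows how a helper can pick such an entry out of the "Reg Loading Points" section of a ComboFix log automatically: it parses the Run-key lines, flags values whose executable sits under a user-writable profile directory or is written as an 8.3 short-name path (both heuristics are my own assumptions about what looks out of place, not ComboFix rules), and renders the matching `Registry::` removal block in the form used in the reply above. The sample log lines are constructed from the values posted earlier in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few "Reg Loading Points" lines in the shape ComboFix prints them,
# using the values from the log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"Window Team"="C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe" [2008-07-23 22:03 727040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"""

# A registry key header line: [HKEY_...\Run]
KEY_RE = re.compile(r"^\[(.+)\]$")
# A value line: "name"="path" [YYYY-MM-DD HH:MM size]
ENTRY_RE = re.compile(
    r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)\]$'
)

# Path fragments that mean "lives inside a user profile" on Windows XP,
# in both long and 8.3 short-name spelling (heuristic, my assumption).
USER_PROFILE_MARKERS = (
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\application data\\",
    "\\applic~1\\",
)


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    timestamp: str
    size: int
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Return every "name"="path" [date time size] value, tagged with its key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            name, path, date, time, size = entry_match.groups()
            entries.append(AutostartEntry(current_key, name, path, f"{date} {time}", int(size)))
    return entries


def assess(entry):
    """Heuristic reasons why an autostart value deserves a closer look."""
    reasons = []
    lower = entry.path.lower()
    if "~" in lower:
        reasons.append("8.3 short-name path (unusual for an installer-written Run value)")
    if any(marker in lower for marker in USER_PROFILE_MARKERS):
        reasons.append("executable lives under a user-writable profile directory")
    return reasons


def find_suspicious_autostarts(log_text):
    """Parse the log and keep only entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_run_entries(log_text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


def render_cfscript_registry(findings):
    """Render a Registry:: block like the one in the reply above; "name"=- deletes the value."""
    lines = ["Registry::"]
    by_key = {}
    for finding in findings:
        by_key.setdefault(finding.key, []).append(finding.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        for name in names:
            lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_suspicious_autostarts(SAMPLE_LOG)
    for entry in found:
        print(f"{entry.key}\\{entry.name} -> {entry.path} ({entry.size} bytes, {entry.timestamp})")
        for reason in entry.reasons:
            print("  -", reason)
    print(render_cfscript_registry(found))
```

Run against the sample, only "Window Team" is flagged (on both heuristics), and the rendered block matches the `Registry::` part of the CFScript above. The folder list still has to come from reading the log yourself; the heuristics only point at where to look.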

  • Joined: 23 Feb 2008
  • Posts: 610

I have uploaded the files, and here is the log:



ComboFix 08-07-31.06 - Administrator Nihad 2008-08-01 23:10:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.101 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator Nihad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator Nihad\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\0
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\Else Bash Wave Ooze.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\loud error live.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\nqkjeuub.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\safe bleh.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\vadlmocc.exe
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\view help.exe
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\MessengerDiscovery
C:\Program Files\MessengerDiscovery\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\AutoReply.mdl
C:\Program Files\MessengerDiscovery\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\Languages\Albanian.ini
C:\Program Files\MessengerDiscovery\Languages\Deutsch.ini
C:\Program Files\MessengerDiscovery\Languages\Dutch.ini
C:\Program Files\MessengerDiscovery\Languages\Eesti.ini
C:\Program Files\MessengerDiscovery\Languages\English.ini
C:\Program Files\MessengerDiscovery\Languages\Espańol (Latino).ini
C:\Program Files\MessengerDiscovery\Languages\Francais.ini
C:\Program Files\MessengerDiscovery\Languages\Italiano.ini
C:\Program Files\MessengerDiscovery\Languages\Norsk.ini
C:\Program Files\MessengerDiscovery\Languages\Portugues (Brasil).ini
C:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini
C:\Program Files\MessengerDiscovery\Languages\Turkish.ini
C:\Program Files\MessengerDiscovery\Loader.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest
C:\Program Files\MessengerDiscovery\MessengerDiscovery.dll
C:\Program Files\MessengerDiscovery\MessengerDiscoveryToday.exe
C:\Program Files\MessengerDiscovery\nihad.0104@live.com.nkh
C:\Program Files\MessengerDiscovery\nihad.0104@live.com.psh
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AutoReply.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\NoAlert.mdl
C:\Program Files\MessengerDiscovery\NoAlert.mdl
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_3.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_4.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_5.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Left.ico
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Right.ico
C:\Program Files\MessengerDiscovery\Sounds\Alert.wav
C:\Program Files\MessengerDiscovery\Sounds\Sounds Copyright.txt
C:\Program Files\MessengerDiscovery\SpellCHK.exe
C:\Program Files\MessengerDiscovery\unins000.dat
C:\Program Files\MessengerDiscovery\unins000.exe
C:\Program Files\Option Bags

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 19:58 . 2008-08-01 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-01 19:50 . 2008-08-01 19:50 <DIR> d-------- C:\Program Files\QuickTime
2008-08-01 19:49 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-08-01 19:49 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-08-01 19:48 . 2008-08-01 19:48 <DIR> d-------- C:\Program Files\Bonjour
2008-08-01 19:38 . 2008-08-01 19:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-01 19:00 . 2008-08-01 19:00 <DIR> d-------- C:\deljob
2008-08-01 16:21 . 2008-08-01 16:21 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-01 16:19 . 2008-08-01 16:19 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 16:19 . 2008-08-01 16:19 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0813.sys
2008-08-01 13:33 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-01 13:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-01 13:28 . 2008-08-01 13:29 <DIR> d-------- C:\Program Files\FinePixViewerS
2008-08-01 13:28 . 2008-08-01 13:32 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FUJIFILM
2008-07-25 01:11 . 2008-07-25 01:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\teamspeak2
2008-07-25 01:11 . 2008-07-25 01:11 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-25 01:10 . 2008-07-25 14:34 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-24 17:17 . 2008-08-01 23:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Hamachi
2008-07-24 17:16 . 2008-07-24 17:17 <DIR> d-------- C:\Program Files\Hamachi
2008-07-24 17:16 . 2008-07-24 17:16 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-24 16:14 . 2008-07-24 16:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\CoSoSys
2008-07-24 15:22 . 2008-07-24 15:22 94 --a------ C:\WINDOWS\JFNetworkWt.INI
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Stardock
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-23 21:50 . 2008-07-24 14:30 <DIR> d-------- C:\Program Files\SHOUTcast
2008-07-21 18:35 . 2008-07-21 18:36 <DIR> d-------- C:\Program Files\Google
2008-07-21 18:35 . 2008-08-01 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 23:37 . 2008-07-21 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 19:49 . 2008-07-20 19:49 25,586 --a------ C:\aem8.dat
2008-07-18 14:35 . 2008-07-18 14:35 <DIR> d-------- C:\Garmin
2008-07-18 14:35 . 2008-07-18 14:36 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Garmin
2008-07-17 23:46 . 2008-07-17 23:46 <DIR> d-------- C:\Program Files\Nokia
2008-07-17 00:12 . 2008-07-18 15:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-16 01:03 . 2008-08-01 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-14 17:49 . 2008-07-14 19:23 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Ahead
2008-07-14 17:46 . 2008-07-14 17:46 <DIR> d-------- C:\Program Files\Nero
2008-07-14 17:46 . 2008-07-14 17:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Axialis
2008-07-14 13:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-14 13:45 . 2008-07-14 13:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-14 13:42 . 2008-07-14 13:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-14 13:41 . 2008-07-14 13:41 <DIR> dr-h----- C:\MSOCache
2008-07-14 13:41 . 2008-07-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 20:39 . 2008-07-11 20:39 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FlashFXP
2008-07-11 14:22 . 2008-07-11 15:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\amsn
2008-07-09 17:54 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Web Page Maker
2008-07-09 14:34 . 2008-07-09 14:34 106,272 --a------ C:\WINDOWS\system32\snmpoids.dll
2008-07-08 23:23 . 2008-07-09 23:03 <DIR> d-------- C:\Poker
2008-07-08 00:35 . 2008-07-08 00:35 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-07-08 00:06 . 2008-07-25 00:08 921,624 --a------ C:\img1-001.raw
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\WINDOWS\Album
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\VideoCAM Eye
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\Common Files\VCAMEye
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 19:22 . 2008-07-07 19:22 23 --a------ C:\WINDOWS\ANS2000.INI
2008-07-07 19:22 . 2008-07-07 19:22 20 --ah----- C:\WINDOWS\akebook.ini
2008-07-07 19:22 . 2008-07-07 19:22 4 --ah----- C:\WINDOWS\a3kebook.ini
2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Notepad++
2008-07-04 14:25 . 2008-07-04 14:25 <DIR> d-------- C:\WINDOWS\Sun
2008-07-03 22:04 . 2008-07-03 22:04 <DIR> d-------- C:\Program Files\SmartFTP
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\UC.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-03 20:57 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\SmartFTP
2008-07-03 20:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 20:52 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 20:52 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 12:03 . 2008-07-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-03 11:54 . 2008-07-03 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-03 11:43 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-03 11:27 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:27 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-03 00:58 . 2008-07-03 11:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-03 00:58 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-07-03 00:50 . 2008-08-01 23:02 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Tracing
2008-07-03 00:23 . 2008-07-03 00:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 00:23 . 2008-07-03 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 00:19 . 2008-07-09 13:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-03 00:11 . 2008-07-03 00:11 <DIR> d-------- C:\Program Files\Sun
2008-07-03 00:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-02 22:59 . 2008-07-15 21:31 <DIR> d-------- C:\Program Files\Java
2008-07-02 22:59 . 2008-07-02 22:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-02 22:58 . 2008-07-03 14:22 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TeamViewer
2008-07-02 22:57 . 2008-07-02 22:58 <DIR> d-------- C:\Program Files\Hrvatsko - Engleski Rječnik
2008-07-02 22:56 . 2008-07-02 22:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-02 22:54 . 2008-07-02 22:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 22:54 . 2008-07-02 22:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-02 22:54 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-02 22:50 . 2008-07-02 22:50 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TuneUp Software
2008-07-02 22:50 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-02 22:47 . 2008-08-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-02 22:37 . 2008-07-20 19:30 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\dwhelper
2008-07-02 22:29 . 2008-07-02 22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:19 . 2008-07-02 21:56 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-07-02 22:19 . 2008-07-02 22:19 172 --a------ C:\UnInstall.dat
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\ESET
2008-07-02 22:13 . 2008-07-02 22:15 <DIR> d-------- C:\Program Files\ESET
2008-07-02 22:13 . 2008-07-02 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-02 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 22:02 . 2008-07-02 22:02 <DIR> d-------- C:\Program Files\directx
2008-07-02 22:00 . 2008-07-02 22:00 <DIR> d-------- C:\Program Files\My Company Name

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Winamp
2008-07-20 17:40 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\LimeWire
2008-07-19 22:01 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\BSplayer Pro
2008-07-15 19:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 22:20 --------- d-----w C:\Program Files\Windows Live
2008-07-07 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-07-02 22:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-02 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-02 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 19:59 --------- d-----w C:\Program Files\ATI Technologies
2008-07-02 19:54 --------- d-----w C:\Program Files\ASUS
2008-07-02 19:52 --------- d-----w C:\Program Files\Intel
2008-07-02 19:52 --------- d-----w C:\Program Files\Analog Devices
2008-07-02 19:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-01_19.19.37.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-01 17:49:29 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-08-01 17:49:14 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2006-02-28 10:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 10:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49 35328]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator Nihad\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-24 17:16:37 624416]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-24 00:06:04 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-08-01 13:28:57 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator Nihad\\Desktop\\KDX_Client\\KDXClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 Apache2.2;Apache2.2;D:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 EnumChip;EnumChip;F:\Gart\EnumChip.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 23:13:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 23:14:17
ComboFix-quarantined-files.txt 2008-08-01 21:14:11
ComboFix2.txt 2008-08-01 17:19:59

Pre-Run: 6,863,110,144 bytes free
Post-Run: 6,856,241,152 bytes free

299 --- E O F --- 2008-07-17 21:57:45

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Zip / rar the complete folder C:\deljob and upload it: http://www.mycity.rs/ambulanta-upload.php


Also post a fresh HijackThis logfile made immediately after restarting the computer.

  • Joined: 23 Feb 2008
  • Posts: 610

No need to post it, because everything is fine now...

Thanks a lot, doctor!!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
